Tactics for Reasoning modulo AC in Coq
📝 Abstract
We present a set of tools for rewriting modulo associativity and commutativity (AC) in Coq, solving a long-standing practical problem. We use two building blocks: first, an extensible reflexive decision procedure for equality modulo AC; second, an OCaml plug-in for pattern matching modulo AC. We handle associative only operations, neutral elements, uninterpreted function symbols, and user-defined equivalence relations. By relying on type-classes for the reification phase, we can infer these properties automatically, so that end-users do not need to specify which operation is A or AC, or which constant is a neutral element.
📄 Content
arXiv:1106.4448v2 [cs.MS] 22 Sep 2011

Tactics for Reasoning modulo AC in Coq ⋆

Thomas Braibant and Damien Pous
LIG, UMR 5217, CNRS, INRIA, Grenoble

1 Introduction

Motivations. Typical hand-written mathematical proofs deal with commutativity and associativity of operations in a liberal way. Unfortunately, a proof assistant requires a formal justification of all reasoning steps, so that the user often needs to make boring term re-orderings before applying a theorem or using a hypothesis. Suppose for example that one wants to rewrite using a simple hypothesis like H: ∀x, x+−x = 0 in a term like a+b+c+−(c+a). Since Coq's standard rewrite tactic matches terms syntactically, this is not possible directly. Instead, one has to reshape the goal using the commutativity and associativity lemmas (the comments show the goal before each step):

    (* ⊢ ((a+b)+c)+-(c+a) = … *)
    rewrite (add_comm a b), <-(add_assoc b a c).
    (* ⊢ (b+(a+c))+-(c+a) = … *)
    rewrite (add_comm c a), <-add_assoc.
    (* ⊢ b+((a+c)+-(a+c)) = … *)
    rewrite H.
    (* ⊢ b+0 = … *)

This is not satisfactory for several reasons. First, the proof script is too verbose for such a simple reasoning step. Second, while reading such a proof script is easy, writing it can be painful: there are several sequences of rewrites leading to the desired term, and finding a reasonably short one is difficult.
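The script above as a complete proof checked by Coq, added here as an example (it is not code from the paper): the standard-library integers Z stand in for the unspecified numeric type, Z.add_comm, Z.add_assoc and Z.add_0_r are assumed to play the role of the lemmas the paper calls add_comm and add_assoc, and H is taken as a hypothesis exactly as in the text.

```coq
(* Added example, not from the paper: the manual rewriting script as a complete
   Coq proof over Z.  Z.add_comm / Z.add_assoc are assumed to play the role of
   the paper's add_comm / add_assoc; H is the hypothesis from the text. *)
Require Import ZArith.
Open Scope Z_scope.

Section ManualAC.
  Variables a b c : Z.
  Hypothesis H : forall x : Z, x + -x = 0.

  (* Each step reshapes the goal until the left-hand side of H appears
     syntactically; the comments show the goal before each tactic. *)
  Lemma manual_ac : a + b + c + -(c + a) = b.
  Proof.
    (* ⊢ ((a+b)+c) + -(c+a) = b *)
    rewrite (Z.add_comm a b), <- (Z.add_assoc b a c).
    (* ⊢ (b+(a+c)) + -(c+a) = b *)
    rewrite (Z.add_comm c a), <- Z.add_assoc.
    (* ⊢ b+((a+c)+-(a+c)) = b *)
    rewrite H.
    (* ⊢ b+0 = b *)
    apply Z.add_0_r.
  Qed.
End ManualAC.
```

Every rewrite names concrete subterms (a, b, c) or relies on which occurrence Coq finds first, which is exactly the fragility the paper describes: renaming a variable or adding a summand to the goal breaks the script.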
Third, we need to copy-paste parts of the goal to select which occurrence to rewrite using the associativity or commutativity lemmas; this is not a good practice since the resulting script breaks when the goal is subject to small modifications. (Note that one could also select occurrences by their positions, but this is at least as difficult for the user, who then has to count the number of occurrences to skip, and even more fragile since these numbers cannot be used to understand the proof when the script breaks after some modification of the goal.)

In this paper, we propose a solution to this shortcoming for the Coq proof assistant: we extend the usual rewriting tactic to automatically exploit associativity and commutativity (AC), or just associativity (A) of some operations.

⋆ To appear in Proc. CPP, LNCS, Springer, 2011.

Trusted unification vs untrusted matching. There are two main approaches to implementing rewriting modulo AC in a proof assistant. First, one can extend the unification mechanism of the system to work modulo AC [20]. This option is quite powerful, since most existing tactics would then work modulo AC. It however requires non-trivial modifications of the kernel of the proof assistant (e.g., unification modulo AC does not always yield finite complete sets of unifiers). As a consequence, this obfuscates the meta-theory: we need a new proof of strong normalisation and we increase the trusted code base. On the contrary, we can restrict ourselves to pattern matching modulo AC and use the core system itself to validate all rewriting steps [8]. We chose this option.

Contributions, scope of the library.
Besides the facts that such tools did not exist in Coq before and that they apparently no longer exist in Isabelle/HOL (see §6.1 for a more thorough discussion), the main contributions of this work lie in the way standard algorithms and ideas are combined together to get tactics that are efficient, easy to use, and covering a large range of situations:

– We can have any number of associative and possibly commutative operations, each possibly having a neutral element. For instance, we can have the operations min, max, +, and ∗ on natural numbers, where max and + share the neutral element 0, ∗ has neutral element 1, and min has no neutral element.
– We deal with arbitrary user-defined equivalence relations. This is important for rational numbers or propositions, for example, where addition and subtraction (resp. conjunction and disjunction) are not AC for Leibniz equality, but for rational equality, Qeq (resp. propositional equivalence, iff).
– We handle “uninterpreted” function symbols: n-ary functions for which the only assumption is that they preserve the appropriate equivalence relation—they are sometimes called “proper morphisms”. For example, subtraction on rational numbers is a proper morphism for Qeq, while pointwise addition of numerators and denominators is not. (Note that any function is a proper morphism for Leibniz equality.)
– The interface we provide is straightforward to use:
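The type-class mechanism the abstract relies on for reification, in the min/max/+/∗ situation of the first item above, as an added example that is neither the paper's nor the AAC_tactics library's code: the class names Associative, Commutative and Unit and every instance below are assumptions of this sketch, chosen to show how the properties of an operation are registered once and then recovered by instance resolution rather than restated at each use site.

```coq
(* Added example, not the library's own code: a small model of the type-class
   mechanism used for reification.  The class names Associative, Commutative
   and Unit are chosen here; the properties of each operation are registered
   once and then found by instance resolution, never restated at use sites. *)
Require Import PeanoNat.

Class Associative (op : nat -> nat -> nat) :=
  assoc : forall x y z, op x (op y z) = op (op x y) z.
Class Commutative (op : nat -> nat -> nat) :=
  comm : forall x y, op x y = op y x.
Class Unit (op : nat -> nat -> nat) (e : nat) :=
  unit_l : forall x, op e x = x.

(* The situation described above: max and + share the unit 0, * has unit 1,
   min is AC but has no unit on nat, so it gets no Unit instance. *)
Instance add_A : Associative Nat.add := Nat.add_assoc.
Instance add_C : Commutative Nat.add := Nat.add_comm.
Instance add_U : Unit Nat.add 0 := Nat.add_0_l.
Instance mul_A : Associative Nat.mul := Nat.mul_assoc.
Instance mul_C : Commutative Nat.mul := Nat.mul_comm.
Instance mul_U : Unit Nat.mul 1 := Nat.mul_1_l.
Instance max_A : Associative Nat.max := Nat.max_assoc.
Instance max_C : Commutative Nat.max := Nat.max_comm.
Instance max_U : Unit Nat.max 0 := Nat.max_0_l.
Instance min_A : Associative Nat.min := Nat.min_assoc.
Instance min_C : Commutative Nat.min := Nat.min_comm.

(* A reordering lemma stated once for any operation with the right instances. *)
Lemma rotate_right (op : nat -> nat -> nat)
  {HA : Associative op} {HC : Commutative op} (x y z : nat) :
  op (op x y) z = op x (op z y).
Proof.
  rewrite <- (HA x y z). rewrite (HC y z). reflexivity.
Qed.

(* At use sites nothing is said about the operation: resolution supplies the
   A and C proofs for + and max alike. *)
Lemma use_add (x y z : nat) : x + y + z = x + (z + y).
Proof. apply (rotate_right Nat.add). Qed.

Lemma use_max (x y z : nat) :
  Nat.max (Nat.max x y) z = Nat.max x (Nat.max z y).
Proof. apply (rotate_right Nat.max). Qed.

(* Resolution also answers "which constant is a neutral element": this
   succeeds for max and fails for min, which has none. *)
Check (_ : Unit Nat.max 0).
Fail Check (_ : Unit Nat.min 0).
```

The point of the sketch is the division of labour: the facts about each operation live in instances declared once, and a tactic (or, here, a generic lemma) only asks resolution "is this operation associative, commutative, does it have a unit?", which is how end users avoid annotating which operation is A or AC at each rewrite.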