experiment: forbid large elim of recursive Prop inductives#13851
Draft
nomeata wants to merge 1 commit into
Draft
experiment: forbid large elim of recursive Prop inductives#13851nomeata wants to merge 1 commit into
nomeata wants to merge 1 commit into
Conversation
This PR is an experiment that restricts `Acc.rec` and other recursors for recursive `Prop` inductives to motives in `Prop`, removing large elimination for them while preserving it for non-recursive subsingleton-style products like `Eq`, `And`, `Iff`, `Or`, and `Unit`. The motivation is to ensure the kernel never has to look at a proof term of a `Prop`, which would in turn enable downstream tooling (e.g. external checkers) to drop proof subterms after typechecking. This is not intended for merging as-is: it is a snapshot to measure the cost (in stdlib churn and in performance) of imposing the restriction, so we can decide whether to pursue it further. `elim_only_at_universe_zero` in `src/kernel/inductive.cpp` now returns true for `is_rec()` inductives. `WellFounded.fix` is redefined in `Init/WF.lean` via a recursive `Prop` `FixGraph` relation plus `Classical.choice` from the prelude (avoiding the import cycle that would arise from `import Init.Classical`). `Init/WFComputable.lean` is restructured: `Acc.recC`/`Acc.ndrec` and their csimp pairs are removed (the recursor signature no longer matches), but compilable csimp rules for `WellFounded.fixF` and `WellFounded.fix` are restored and proved via `FixGraph` uniqueness. `Init/While.lean`'s `whileM.fix` is rewritten on top of `WellFounded.fixF` with an explicit unfolding lemma. Test expectations adjusted: `casesOnAcc.lean` is dropped (it tested large elimination of `Acc.casesOn` into `Nat`, which is exactly what the restriction removes), `print_cmd.lean`'s `#print Acc.rec` snapshot is updated to the restricted signature, `csimpCore.lean` no longer lists `(Acc.rec, Acc.recC)`, and `kernelBacktrack.lean` now sees `Classical.choice` in the axiom dependency list. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is an experiment that restricts
Acc.recand other recursorsfor recursive
Propinductives to motives inProp, removing largeelimination for them while preserving it for non-recursive
subsingleton-style products like
Eq,And,Iff,Or, andUnit.The motivation is to ensure the kernel never has to look at a proof
term of a
Prop, which would in turn enable downstream tooling (e.g.external checkers) to drop proof subterms after typechecking.
This is not intended for merging as-is: it is a snapshot to measure
the cost (in stdlib churn and in performance) of imposing the
restriction, so we can decide whether to pursue it further.
elim_only_at_universe_zeroinsrc/kernel/inductive.cppnow returnstrue for
is_rec()inductives.WellFounded.fixis redefined inInit/WF.leanvia a recursivePropFixGraphrelation plusClassical.choicefrom the prelude (avoiding the import cycle thatwould arise from
import Init.Classical).Init/WFComputable.leanisrestructured:
Acc.recC/Acc.ndrecand their csimp pairs are removed(the recursor signature no longer matches), but compilable csimp rules
for
WellFounded.fixFandWellFounded.fixare restored and provedvia
FixGraphuniqueness.Init/While.lean'swhileM.fixisrewritten on top of
WellFounded.fixFwith an explicit unfoldinglemma.
Test expectations adjusted:
casesOnAcc.leanis dropped (it testedlarge elimination of
Acc.casesOnintoNat, which is exactly whatthe restriction removes),
print_cmd.lean's#print Acc.recsnapshotis updated to the restricted signature,
csimpCore.leanno longerlists
(Acc.rec, Acc.recC), andkernelBacktrack.leannow seesClassical.choicein the axiom dependency list.Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com