1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
|
(************************************************************************)
(* * The Coq Proof Assistant / The Coq Development Team *)
(* v * Copyright INRIA, CNRS and contributors *)
(* <O___,, * (see version control and CREDITS file for authors & dates) *)
(* \VV/ **************************************************************)
(* // * This file is distributed under the terms of the *)
(* * GNU Lesser General Public License Version 2.1 *)
(* * (see LICENSE file for the text of the license) *)
(************************************************************************)
open Util
open Names
open Context
module NamedDecl = Context.Named.Declaration
(*** Proof Global Environment ***)
type proof_object =
{ name : Names.Id.t
(* [name] only used in the STM *)
; entries : Evd.side_effects Declare.proof_entry list
; uctx: UState.t
}
type opacity_flag = Opaque | Transparent
type t =
{ endline_tactic : Genarg.glob_generic_argument option
; section_vars : Id.Set.t option
; proof : Proof.t
; udecl: UState.universe_decl
(** Initial universe declarations *)
; initial_euctx : UState.t
(** The initial universe context (for the statement) *)
}
(*** Proof Global manipulation ***)
let get_proof ps = ps.proof
let get_proof_name ps = (Proof.data ps.proof).Proof.name
let get_initial_euctx ps = ps.initial_euctx
let map_proof f p = { p with proof = f p.proof }
let map_fold_proof f p = let proof, res = f p.proof in { p with proof }, res
let map_fold_proof_endline f ps =
let et =
match ps.endline_tactic with
| None -> Proofview.tclUNIT ()
| Some tac ->
let open Geninterp in
let {Proof.poly} = Proof.data ps.proof in
let ist = { lfun = Id.Map.empty; poly; extra = TacStore.empty } in
let Genarg.GenArg (Genarg.Glbwit tag, tac) = tac in
let tac = Geninterp.interp tag ist tac in
Ftactic.run tac (fun _ -> Proofview.tclUNIT ())
in
let (newpr,ret) = f et ps.proof in
let ps = { ps with proof = newpr } in
ps, ret
let compact_the_proof pf = map_proof Proof.compact pf
(* Sets the tactic to be used when a tactic line is closed with [...] *)
let set_endline_tactic tac ps =
{ ps with endline_tactic = Some tac }
(** [start_proof ~name ~udecl ~poly sigma goals] starts a proof of
name [name] with goals [goals] (a list of pairs of environment and
conclusion). The proof is started in the evar map [sigma] (which
can typically contain universe constraints), and with universe
bindings [udecl]. *)
let start_proof ~name ~udecl ~poly sigma goals =
let proof = Proof.start ~name ~poly sigma goals in
let initial_euctx = Evd.evar_universe_context Proof.((data proof).sigma) in
{ proof
; endline_tactic = None
; section_vars = None
; udecl
; initial_euctx
}
let start_dependent_proof ~name ~udecl ~poly goals =
let proof = Proof.dependent_start ~name ~poly goals in
let initial_euctx = Evd.evar_universe_context Proof.((data proof).sigma) in
{ proof
; endline_tactic = None
; section_vars = None
; udecl
; initial_euctx
}
let get_used_variables pf = pf.section_vars
let get_universe_decl pf = pf.udecl
let set_used_variables ps l =
let open Context.Named.Declaration in
let env = Global.env () in
let ids = List.fold_right Id.Set.add l Id.Set.empty in
let ctx = Environ.keep_hyps env ids in
let ctx_set =
List.fold_right Id.Set.add (List.map NamedDecl.get_id ctx) Id.Set.empty in
let vars_of = Environ.global_vars_set in
let aux env entry (ctx, all_safe as orig) =
match entry with
| LocalAssum ({binder_name=x},_) ->
if Id.Set.mem x all_safe then orig
else (ctx, all_safe)
| LocalDef ({binder_name=x},bo, ty) as decl ->
if Id.Set.mem x all_safe then orig else
let vars = Id.Set.union (vars_of env bo) (vars_of env ty) in
if Id.Set.subset vars all_safe
then (decl :: ctx, Id.Set.add x all_safe)
else (ctx, all_safe) in
let ctx, _ =
Environ.fold_named_context aux env ~init:(ctx,ctx_set) in
if not (Option.is_empty ps.section_vars) then
CErrors.user_err Pp.(str "Used section variables can be declared only once");
ctx, { ps with section_vars = Some (Context.Named.to_vars ctx) }
let get_open_goals ps =
let Proof.{ goals; stack; shelf } = Proof.data ps.proof in
List.length goals +
List.fold_left (+) 0
(List.map (fun (l1,l2) -> List.length l1 + List.length l2) stack) +
List.length shelf
type closed_proof_output = (Constr.t * Evd.side_effects) list * UState.t
let private_poly_univs =
let b = ref true in
let _ = Goptions.(declare_bool_option {
optdepr = false;
optkey = ["Private";"Polymorphic";"Universes"];
optread = (fun () -> !b);
optwrite = ((:=) b);
})
in
fun () -> !b
(* XXX: This is still separate from close_proof below due to drop_pt in the STM *)
let return_proof { proof } =
let Proof.{name=pid;entry} = Proof.data proof in
let initial_goals = Proofview.initial_goals entry in
let evd = Proof.return ~pid proof in
let eff = Evd.eval_side_effects evd in
let evd = Evd.minimize_universes evd in
let proof_opt c =
match EConstr.to_constr_opt evd c with
| Some p -> p
| None -> CErrors.user_err Pp.(str "Some unresolved existential variables remain")
in
(* ppedrot: FIXME, this is surely wrong. There is no reason to duplicate
side-effects... This may explain why one need to uniquize side-effects
thereafter... *)
(* EJGA: actually side-effects de-duplication and this codepath is
unrelated. Duplicated side-effects arise from incorrect scheme
generation code, the main bulk of it was mostly fixed by #9836
but duplication can still happen because of rewriting schemes I
think; however the code below is mostly untested, the only
code-paths that generate several proof entries are derive and
equations and so far there is no code in the CI that will
actually call those and do a side-effect, TTBOMK *)
(* EJGA: likely the right solution is to attach side effects to the first constant only? *)
let proofs = List.map (fun (c, _) -> (proof_opt c, eff)) initial_goals in
proofs, Evd.evar_universe_context evd
let close_proof ~opaque ~keep_body_ucst_separate ps =
let elist, uctx = return_proof ps in
let { section_vars; proof; udecl; initial_euctx } = ps in
let { Proof.name; poly; entry; sigma } = Proof.data proof in
let opaque = match opaque with Opaque -> true | Transparent -> false in
(* Because of dependent subgoals at the beginning of proofs, we could
have existential variables in the initial types of goals, we need to
normalise them for the kernel. *)
let subst_evar k = Evd.existential_opt_value0 sigma k in
let nf = UnivSubst.nf_evars_and_universes_opt_subst subst_evar (UState.subst uctx) in
let make_entry (body, eff) (_, typ) =
let allow_deferred =
not poly && (keep_body_ucst_separate ||
not (Safe_typing.empty_private_constants = eff.Evd.seff_private))
in
(* EJGA: Why are we doing things this way? *)
let typ = EConstr.Unsafe.to_constr typ in
let typ = if allow_deferred then typ else nf typ in
(* EJGA: End "Why are we doing things this way?" *)
let used_univs_body = Vars.universes_of_constr body in
let used_univs_typ = Vars.universes_of_constr typ in
let used_univs = Univ.LSet.union used_univs_body used_univs_typ in
let utyp, ubody =
if allow_deferred then
let utyp = UState.univ_entry ~poly initial_euctx in
let uctx = UState.constrain_variables (fst (UState.context_set initial_euctx)) uctx in
(* For vi2vo compilation proofs are computed now but we need to
complement the univ constraints of the typ with the ones of
the body. So we keep the two sets distinct. *)
let uctx_body = UState.restrict uctx used_univs in
let ubody = UState.check_mono_univ_decl uctx_body udecl in
utyp, ubody
else if poly && opaque && private_poly_univs () then
let universes = UState.restrict uctx used_univs in
let typus = UState.restrict universes used_univs_typ in
let utyp = UState.check_univ_decl ~poly typus udecl in
let ubody = Univ.ContextSet.diff
(UState.context_set universes)
(UState.context_set typus)
in
utyp, ubody
else
(* Since the proof is computed now, we can simply have 1 set of
constraints in which we merge the ones for the body and the ones
for the typ. We recheck the declaration after restricting with
the actually used universes.
TODO: check if restrict is really necessary now. *)
let ctx = UState.restrict uctx used_univs in
let utyp = UState.check_univ_decl ~poly ctx udecl in
utyp, Univ.ContextSet.empty
in
Declare.definition_entry ~opaque ?section_vars ~univs:utyp ~univsbody:ubody ~types:typ ~eff body
in
let entries = CList.map2 make_entry elist (Proofview.initial_goals entry) in
{ name; entries; uctx }
let close_proof_delayed ~feedback_id ps (fpl : closed_proof_output Future.computation) =
let { section_vars; proof; udecl; initial_euctx } = ps in
let { Proof.name; poly; entry; sigma } = Proof.data proof in
(* We don't allow poly = true in this path *)
if poly then
CErrors.anomaly (Pp.str "Cannot delay universe-polymorphic constants.");
let fpl, uctx = Future.split2 fpl in
(* Because of dependent subgoals at the beginning of proofs, we could
have existential variables in the initial types of goals, we need to
normalise them for the kernel. *)
let subst_evar k = Evd.existential_opt_value0 sigma k in
let nf = UnivSubst.nf_evars_and_universes_opt_subst subst_evar (UState.subst initial_euctx) in
(* We only support opaque proofs, this will be enforced by using
different entries soon *)
let opaque = true in
let make_entry p (_, types) =
(* Already checked the univ_decl for the type universes when starting the proof. *)
let univs = UState.univ_entry ~poly:false initial_euctx in
let types = nf (EConstr.Unsafe.to_constr types) in
Future.chain p (fun (pt,eff) ->
(* Deferred proof, we already checked the universe declaration with
the initial universes, ensure that the final universes respect
the declaration as well. If the declaration is non-extensible,
this will prevent the body from adding universes and constraints. *)
let uctx = Future.force uctx in
let uctx = UState.constrain_variables (fst (UState.context_set initial_euctx)) uctx in
let used_univs = Univ.LSet.union
(Vars.universes_of_constr types)
(Vars.universes_of_constr pt)
in
let univs = UState.restrict uctx used_univs in
let univs = UState.check_mono_univ_decl univs udecl in
(pt,univs),eff)
|> Declare.delayed_definition_entry ~opaque ~feedback_id ?section_vars ~univs ~types
in
let entries = Future.map2 make_entry fpl (Proofview.initial_goals entry) in
{ name; entries; uctx = initial_euctx }
let close_future_proof = close_proof_delayed
let return_partial_proof { proof } =
let proofs = Proof.partial_proof proof in
let Proof.{sigma=evd} = Proof.data proof in
let eff = Evd.eval_side_effects evd in
(* ppedrot: FIXME, this is surely wrong. There is no reason to duplicate
side-effects... This may explain why one need to uniquize side-effects
thereafter... *)
let proofs = List.map (fun c -> EConstr.Unsafe.to_constr c, eff) proofs in
proofs, Evd.evar_universe_context evd
let update_global_env =
map_proof (fun p ->
let { Proof.sigma } = Proof.data p in
let tac = Proofview.Unsafe.tclEVARS (Evd.update_sigma_env sigma (Global.env ())) in
let p, (status,info), _ = Proof.run_tactic (Global.env ()) tac p in
p)
|
