RFC: Run decreasing_by tactic on all goals, not each goal

[nomeata]

Problem: Interactive termination proofs

Consider the (of course non-terminating) definition:

def foo (n : Nat) : Nat :=  foo (n - 1) + foo n + foo (n + 1)
decreasing_by …

The tactic passed to decreasing_by is currently executed on each recursive call separately, with one goal present. This makes it harder to write these termination tactics individually, for example when different recursive calls need widely different approaches, because whatever you write has to work with all goals at the same time.

As a user I would have expected to be able to focus individual calls with \., like so

def foo (n : Nat) : Nat := foo (n - 1) + foo n + foo (n + 1)
decreasing_by
  · trace_state; sorry
  · trace_state; sorry
  · trace_state; sorry

but here the second \. says “no goals to be solved”.

Solution: One subgoal for each recursive goal

To solve this, the proof following decreasing_by should have the proof obligations for each recursive call as a separate subgoal.

This has a few knock-on effects:

Problem: Mutual recursion and SCCs

If we have a mutual block (or local where, letrec), then Lean will look at all involved definitions, build strongly connected components (SCCs), and derecursify each SCC individually.

It seems technically hard to get all subgoals from these independent definitions into a single TacticM state. Furthremore, the user experience would be bad if the order of subgoals would change, and sorting the subgoals afterwards is tricky.

Solution: Per-function decreasing_by.

A good solution to this problem seems to be to attach the decreasing_by to each function definition, e.g.

mutual
def even : Nat → Nat := …
decreasing_by …

def odd : Nat → Nat := …
decreasing_by …
end

This naturally associates the proofs with the subgoals of that function. It is arguably also more intuitive in cases of letrec or where.

Problem: What happens to terminating_by?

Now that decreasing_by is attached to each function, it would be strange to not do the same for terminating_by.

Solution: Per-function terminating_by

So let’s also move it to per-function. This has the additional effect that we can simplify the syntax and not require the function name as part of the termination hint.

So instead of

mutual
def even : Nat → Nat := …

def odd : Nat → Nat := …
end
terminating_by
  even n => n
  odd n => n

we would write

mutual
def even : Nat → Nat := …
terminating_by n => n

def odd : Nat → Nat := …
terminating_by n => n
end

Problem: Changing the default tactic

At the moment, decreasing_by is used for two similar, but distinct use-cases:

1. Interactive long termination proofs
2. Using a tactic for automatic proofs that’s different than decreasing_tactic.

For example, if there is no termination_by clause, and Lean wants to guess the right measure. It’d be silly to apply the interactive proof when Lean is trying out various measures. But if the user has configured a different automatic tactic, then guessing the measure is sensible.

Also, for interactive proofs, red squiggly lines should be placed in the interactive proof, while for automatic proofs, the recursive call that cannot be proven should be highlighted.

Solution: Command to change default decrasing_tactic tactic

This calls for different command/syntax for the two use cases. The proposal is to use decreasing_by for interactive proofs. This means

• Applied once to all goals
• Error highlighted in the proof
• Requires a terminating_by clause, as we cannot guess the order. (Maybe allow to omit if there is exactly one changing parameter).

For temporarily using a different automatic tactic, introduce a command

default_decreasing_by <tac>

that effectively works like termination_by now:

• Applied to each goal separately
• Errors highlight the recursive call
• If not specified, default_decreasing_by is used.

Typical use might be

default_decreasing_by <tac> in
def ackerman …

or

default_decreasing_by <tac> in
mutual
def even …
def odd
end

which should feel familiar to the users (similar to set_option).

This seems to be a serious papercut: Users should have a nice environment to write these proofs interactively. So ideally, the following should hold

1. When writing decreasing_by proofs interactively, there should be recursive calls for each subgoal.
2. The grouping-by-SCC done internally by lean should not affect the user (predictable order of subgoals etc.)
3. When using the default termination tactic.

Open questions

• This is a breaking change: Some terminating_by need to be moved, some decreasing_by may become default_decreasing_by … in. Is this worth it? Should we try to find a backward compat way of achieving the goals (at the expense of a possibly worse UX)?

• Is there a good way to name each recursive call, either automatically or manually, so that case <name> => can be used? Such names will also come in handy when deriving an induction principle from a recursive definition.

  We could say that whenever the recursive call is let-bound, we use the name as case name:

  def foo (n : Nat) : Nat :=
    let n1 := foo (n - 1)
    let n2 := foo (n - 2)
    n1 + n2
  

  Too ad-hoc?

Community Feedback

Initial discussion on Zulip (but not much activity).

Impact

Add 👍 to issues you consider important. If others benefit from the changes in this proposal being added, please ask them to add 👍 to it.

[nomeata]

An implementation seems to be rather simple: In mkFix, Just don’t apply the tactic to the MVar at each recursive call, and then use getMVarsNoDelayed after traversing the whole expression.

I have a POC at https://github.com/nomeata/lean-derec-lab/blob/master/Derec/SingleGoal.lean

It would be a breaking change requiring existing uses of decreasing_by foo with decreasing_by all_goals foo.

[leodemoura]

Like the idea, but what about mutual recursion? The actual order may not be clear to users. Recall that we compute SCCs.

[nomeata]

Hmm, yes, the order may be surprising.

We could sort the MVars by the syntax ref maybe to put them back into source code order? (If MVars remember the ref they were created at or if we pass it separately.)

I'll experiment with multiple SCCs and see.

[nomeata]

Hmm, indeed, I didn’t have it on the radar that the termination_by and decreasing_by annotations need to work in cases where they apply to independent recursions. I’ll have to think about that a bit more, also related to the idea of termination_by? etc.

This already causes corner case issues like: If some recursions in the block should be done structurally, and others require a decreasing_by annotation, then you can’t have both, as the presence of decreasing_by makes it always try well-founded recursion:

mutual
def foo : Nat → Nat
 | 0 => 0
 | .succ n => foo n

def bar : Nat → Nat
  | n => if  n = 0 then 0 else bar (n - 1)

end
decreasing_by sorry

Not a problem per se, just an example of the complications to keep in mind here.

[nomeata]

Together with Leo I we had an idea for a nice way that solves

• the problem of ordering the goals,
• the problem that not all functions in a mutual block end up being in the same SCC (and setting up the goal state so that all those unrelated goals are visible) and
• the problem of guessing whether the user wants to do interactive proof, or just specify a different default tactic.

We allow the user to specify the tactic/proof keyed by the function it should be used in; like we already do with terminating_by. This way, the internal order of functions does not leak, and it doesn't matter if only some functions are mutually recursive with some others etc.

What would be a good syntax?

One idea is to use | to indicate that we have multiple cases:

mutual
def foo : Nat → Nat
 | 0 => 0
 | .succ n => bar n + bar (n - 1)

def bar : Nat → Nat
  | n => if  n = 0 then 0 else foo (n - 1)
end
decreasing_by
 | foo => 
   · -- first recursive call in foo
   · -- second recursive call in foo
 | bar => 
   · -- first recursive call in bar

It’s a bit verbose and silly if there is only one recursive function, which is a common case. But at least it’s consistent with recursing_by.

[digama0]

By the way, this relates to a syntax nit that I have been meaning to bring up: Why does decreasing_by / termination_by have to handle all the declarations at once? Couldn't these be placed after the respective definition? And then you wouldn't need the foo => part. Like this:

mutual
def foo : Nat → Nat
 | 0 => 0
 | .succ n => bar n + bar (n - 1)
decreasing_by
 · -- first recursive call in foo
 · -- second recursive call in foo

def bar : Nat → Nat
  | n => if  n = 0 then 0 else foo (n - 1)
decreasing_by
 · -- first recursive call in bar
end

They would still be processed together in the same way as is done currently, this is just a syntactic change.

I can see some reasons for keeping all the termination_by clauses together, if for example it makes it easier to review the functions for the mutual block and see that they interleave appropriately. Perhaps both could be supported and you could mix and match this style with the current everything-at-the-end style if this is a stylistic preference.

[nomeata]

That’s a good idea as well. Makes it also much more natural where to place thigns in case of where or letrec. I wonder what the downsides are.

Perhaps both could be supported

I tend to lean towards less options, as having to decide between options itself is a UX cost, so preferrably only if there are strong reasons to have both.

Maybe decreasing_by … should be used for interactive use, and there ought to be another syntax, like a command (possibly scoped with in)
default_decreasing_tactic <tac> in
to locally change the default termination tactic. That could then be used before mutual.

Do we have precedence for “tactic-valued options”?

[nomeata]

Ah, one possible reason to have a common decreasing_by is that you probably start many proofs, even interactive ones, with all_goals simp_wf and similar preparation steps. They would have to repeated if we invoke the tactic on each function separately. (But my intuition is that that’s not too bad, and the syntactic clarity and simplicity of per-function decreasing_by still looks good.)

[nomeata]

I rewrote the proposal to include some of the ideas from this discussion, in particular

• Per-function termination_by and decreasing_by.
• Separate `default_decreasing_by for non-interactive proofs.

[Kha]

Is there a concrete syntax proposal in the case of let rec and where yet?

[nomeata]

I didn't spell it out yet, but my hope is that both termination_by and decreasing_by will just be attached to the individual function definitions, even if they are in a letrec or where. Do you expect problems with that?

[Kha]

I suppose it would have to be indentation sensitive at least. Indentation would determine whether a clause belongs to the last where or to the top-level function

[nomeata]

Ah, I see. I sometimes forget that Lean is less indentation sensitive than it looks like :-)

Do you think that’s feasible and reasonable?

[Kha]

Yes to both I think. At least it's where I, probably, would have tried to put them as a user.