Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Totality checker too permissive ? #1917

Open
nicolabotta opened this issue Feb 13, 2015 · 3 comments
Open

Totality checker too permissive ? #1917

nicolabotta opened this issue Feb 13, 2015 · 3 comments
Labels
A-Confirmed S-Normal U-Totality Checking

Comments

@nicolabotta
Copy link

The program

> import Data.Vect

> total
> Dec1 : {A : Type} -> (P : A -> Type) -> Type
> Dec1 {A} P = (a : A) -> Dec (P a) 

> total
> filter : {A : Type} ->
>          {P : A -> Type} ->
>          Dec1 P ->
>          Vect n A -> 
>          (m : Nat ** Vect m A)
> filter d1P Nil = (Z ** Nil)
> filter d1P (a :: as) with (filter d1P as)
>   | (_ ** tail) with (d1P a)
>     | (Yes p)     = (_ ** a :: tail)
>     | (No contra) = (_ ** tail)

> total
> filterLemma : {A : Type} ->
>               {P : A -> Type} ->
>               (d1P : Dec1 P) ->
>               (a : A) ->
>               (as : Vect n A) ->
>               Elem a as ->
>               (p : P a) ->
>               Elem a (getProof (filter d1P as))
> filterLemma d1P a Nil  Here       p impossible

type checks fine although |filterLemma| is obviously not total. Is this the expected behavior ? Is the totality checker too permissive ?
@edwinb
Copy link
Contributor

edwinb commented Feb 14, 2015

The problem is that it has guessed which "Nil" is meant and picked the wrong one. This is similar to an issue I was discussing with @david-christiansen recently - when there's only impossible cases given, it doesn't disambiguate names properly.

(This is more a note to myself about how to go about fixing it at some point...)

@nicolabotta
Copy link
Author

Thanks Edwin. I cannot claim I understand what is going on but avoiding |impossible| appears to help:

> filterLemma d1P a Nil  prf p = absurd prf -- impossible

gives

*totalityChecker> :total filterLemma
Main.filterLemma is not total as there are missing cases

as one would expect. For the time being, I am going to adopt this scheme and restrict the usage of |impossible| to instance declarations. Best, Nicola

@nicolabotta nicolabotta mentioned this issue Feb 17, 2015
Closed
@TimRichter
Copy link

Another, slightly shorter, example:

> descent : {P : Nat -> Type} -> 
>           ((x : Nat) -> P x -> (x' : Nat ** (x' `LT` x,P x'))) ->
>           ( y : Nat ** P y) -> Void
> descent {P} desc (Z ** pZ) with (desc Z pZ)
>     | (Z ** (LTESucc _, _)) impossible

Idris 0.11 accepts descent as total. Avoiding "impossible" doesn't
help here: this implementation

> descent {P} desc (Z ** pZ) with (desc Z pZ)
>     | (Z ** (p, _)) = absurd p

is also reported total.

Best,
Tim

@andreykl andreykl mentioned this issue Oct 22, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-Confirmed S-Normal U-Totality Checking
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@edwinb @ahmadsalim @nicolabotta @TimRichter