`fun::path_inv` is too strong (`~inv(f) ⋀ (f : x -> y) ⋀ (x -> y) => (y -> x)`)

Question

`fun::path_inv` is too strong (`~inv(f) ⋀ (f : x -> y) ⋀ (x -> y) => (y -> x)`)

bvssvni opened this issue a year ago · comments

/// `y^x  =>  x^y`.
pub fn proof<X: Prop, Y: Prop>(
    pow_yx: Pow<Y, X>
) -> Pow<X, Y> {
    let qu_true: Qu<True> = fun::true_qu();
    let qu_inv_true: Qu<Inv<True>> = fun::inv_qu(qu_true);
    let ty_true: Ty<True, Pow<Y, X>> = path_semantics::ty_rev_true(pow_yx);
    fun::path_inv(qu_inv_true, ty_true, pow_yx)
}

This should not be provable, since one can use it prove false^x for any x.

This assumes the following tactics are sound:

true_qu (~true, recent development)
inv_qu (~f => ~inv(f))
ty_rev_true (a => (true : a))

path_inv uses the following tactics:

path
inv_ty
ty_triv
ty_true

path_inv is used by fun_rev_ext (fun_ext_ty(f, g) => (f == g)^true).

Sven Nilsen · Answer 1 · Thu Feb 16 2023 23:47:30 GMT+0800 (China Standard Time)

One idea is to add theory(f) as requirement:

theory(f) ⋀ ~inv(f) ⋀ (f : x -> y) ⋀ (x -> y) => (y -> x)

This prevents use of ~true to get the inverse map.

However, this requires adding app_theory (theory(f(x))) and updating id_def to (x : type(n)) ⋀ (a : x) => id(a) = a.