The HoTT/HoTT Library in Coq
Designing for Speed
Jason Gross
Massachusetts Institute of Technology
For ICMS 2016, adapted from ITP 2014 presentation
Category theory work done with Adam Chlipala and David I. Spivak
HoTT/HoTT library additionally co-authored by Andrej Bauer, Peter LeFanu Lumsdaine, Mike
Shulman, Bas Spitters, and includes contributions from Assia Mahboubi, Marc Bezem, Kristina
Sojakova, Daniel R. Grayson, Gaetan Gilbert, Matthieu Sozeau, Jérémy Ledent, Kevin Quirin,
Steve Awodey, Cyril Cohen, Egbert, Benedikt Ahrens, Edward Z. Yang, Georgy Dunaev, Jesse C.
McKeown, Simon Boulier, Alexander Karpich, Jelle Herold, John Dougherty, MatΔj Grabovský,
Michael Nahas, and Yves Bertot
How should theorem provers work?
2
How theorem provers should work:
1=0
Coq, is this
correct?
No; hereβs a
proof of
1 = 0 β False
3
How theorem provers should work:
Theorem (currying) : πͺπ β πͺπ β π«
Proof: homework β
Coq, is this
correct?
β
(πͺπ × πͺπ β π«)
Yes; hereβs a
proof β¦
4
How theorem provers should work:
Theorem (currying) : πͺπ β πͺπ β π«
Proof: homework β
Theorem currying : πΆ1 β πΆ2 β π·
Proof.
trivial.
Qed.
β
(πͺπ × πͺπ β π«)
β
πΆ1 × πΆ2 β π· .
5
How theorem provers should work:
Theorem (currying) : πͺπ β πͺπ β π« β
(πͺπ × πͺπ β π«)
Proof: β: π β¦ π ππ , ππ . π ππ ππ ; morphisms similarly
β: π β¦ π ππ . π ππ . π(ππ , ππ ); morphisms similarly
Functoriality, naturality, and congruence: straightforward.
β
Theorem currying : πΆ1 β πΆ2 β π· β
πΆ1 × πΆ2 β π· .
Proof.
esplit.
{ by refine (πF (πΉ β¦ (πF (π β¦ πΉo π1 π2 )))). }
{ by refine (πF (πΉ β¦ (πF (π1 β¦ (πF (π2 β¦ πΉo (π1 , π2 ))))))). }
all: trivial.
Qed.
6
How theorem provers should work:
Theorem (currying) : πͺπ β πͺπ β π« β
(πͺπ × πͺπ β π«)
Proof: β: π β¦ π ππ , ππ . π ππ ππ ; morphisms similarly
β: π β¦ π ππ . π ππ . π(ππ , ππ ); morphisms similarly
Functoriality, naturality, and congruence: straightforward.
β
Theorem currying : πΆ1 β πΆ2 β π· β
πΆ1 × πΆ2 β π· .
Proof.
esplit.
{ by refine (πF (πΉ β¦ (πF (π β¦ πΉo π1 π2 ) (π π π β¦ πΉo π1 m π2 β πΉm π1 o π 2 ))
(πΉ πΊ π β¦ (πT (π β¦ π π1 π2 )))). }
{ by refine (πF (πΉ β¦ (πF (π1 β¦ (πF (π2 β¦ πΉo (π1 , π2 )) (π π π β¦ πΉm (1, π))))
(πΉ πΊ π β¦ (πT (π1 β¦ (πT (π2 β¦ π (π1 , π2 )))))). }
all: trivial.
Qed.
7
How theorem provers do work:
Theorem (currying) : πͺπ β πͺπ β π« β
(πͺπ × πͺπ β π«)
Proof: β: π β¦ π ππ , ππ . π ππ ππ ; morphisms similarly
β: π β¦ π ππ . π ππ . π(ππ , ππ ); morphisms similarly
Functoriality, naturality, and congruence: straightforward.
17 s
β0s
β
2m 46 s !!! (5 s, if we use UIP)
Theorem currying : πΆ1 β πΆ2 β π· β
πΆ1 × πΆ2 β π· .
Proof.
esplit.
{ by refine (πF (πΉ β¦ (πF (π β¦ πΉo π1 π2 ) (π π π β¦ πΉo π1 m π2 β πΉm π1 o π 2 ))
(πΉ πΊ π β¦ (πT (π β¦ π π1 π2 )))). }
{ by refine (πF (πΉ β¦ (πF (π1 β¦ (πF (π2 β¦ πΉo (π1 , π2 )) (π π π β¦ πΉm (1, π))))
(πΉ πΊ π β¦ (πT (π1 β¦ (πT (π2 β¦ π (π1 , π2 )))))). }
all: trivial.
Qed.
8
Performance is important!
If weβre not careful, obvious or trivial things can be
very, very slow.
9
Why you should listen to me
Theorem : You should listen to me.
Proof.
by experience.
Qed.
10
Why you should listen to me
Category theory in Coq: https://github.com/HoTT/HoTT
(subdirectory theories/categories):
Concepts Formalized:
β’
1-precategories (in the sense of the HoTT Book)
β’
univalent/saturated categories (or just categories, in the HoTT Book)
β’
functor precategories πΆ β π·
β’
dual functor isomorphisms Cat β Cat; and πΆ β π· op β (πΆ op β π·op )
β’
the category Prop of (U-small) hProps
β’
the category Set of (U-small) hSets
β’
the category Cat of (U-small) strict (pre)categories (strict in the sense of the
objects being hSets)
β’
pseudofunctors
β’
pseudonatrual transformations
β’
(op)lax comma categories
β’
profunctors
β’
identity profunctor (the hom functor πΆ op × πΆ β Set)
β’
adjoints
β’
equivalences between a number of definitions:
β’
unit-counit + zig-zag definition
β’
unit + UMP definition
β’
counit + UMP definition
β’
universal morphism definition
β’
hom-set definition
β’
composition, identity, dual
β’
pointwise adjunctions in the library, πΊ πΈ β£ πΉ πΆ and πΈ πΉ β£ πΆ πΊ from an
adjunction πΉ β£ πΊ for functors πΉ: πΆ β π·: πΊ and πΈ a precategory
β’
Yoneda lemma
β’
β’
β’
β’
β’
Exponential laws
β’
πΆ 0 β
1; 0πΆ β
0 given an object in πΆ
β’
πΆ 1 β
πΆ; 1πΆ β
1
β’
πΆ π΄+π΅ β
πΆ π΄ × πΆ π΅
β’
(π΄ × π΅)πΆ β
π΄πΆ × π΅πΆ
β’
(π΄π΅ )πΆ β
π΄π΅×πΆ
Product laws
β’
πΆ×π· β
π·×πΆ
β’
πΆ×0β
0×πΆ β
0
β’
πΆ×1β
1×πΆ β
πΆ
Grothendieck construction (oplax colimit) of a pseudofunctor to Cat
Category of sections (gives rise to oplax limit of a pseudofunctor to Cat when
applied to Grothendieck construction
functor composition is functorial (there's a functor Ξ: πΆ β π· β (π· β
11
Presentation is not mainly about:
12
Presentation is not mainly about:
β’ category theory or diagram chasing
Cartoon from xkcd, adapted by Alan Huang
13
Presentation is not mainly about:
β’ category theory or diagram chasing
Cartoon from xkcd, adapted by Alan Huang
β’ the mathematical content
of the library
14
Presentation is not mainly about:
β’ category theory or diagram chasing
Cartoon from xkcd, adapted by Alan Huang
β’ the mathematical content
of the library
β’ Coq
15
Presentation is not mainly about:
β’ category theory or diagram chasing
Cartoon from xkcd, adapted by Alan Huang
β’ the mathematical content
of the library
β’ Coq (though what I say might not always generalize nicely)
16
Presentation is about:
β’ performance
β’ the design of proof assistants and type theories to
assist with performance
β’ the kind of performance issues I encountered
β’ an overview of the content of the HoTT/HoTT library
17
Presentation is for:
β’ Homotopy type theorists
β’ Who are interested in the HoTT/HoTT library
β’ Users of proof assistants (and Coq in particular)
β’ Who want to make their code faster
β’ Designers of (type-theoretic) proof assistants
β’ Who want to know where to focus their optimization efforts
18
Outline
β’ Why should we care about performance?
β’ Overview of the HoTT/HoTT library
β’ What makes theorem provers (mainly Coq) slow?
β’ Examples of particular slowness
β’ For users (workarounds)
β’ Arguments vs. fields and packed records
β’ Abstraction barriers
β’ For developers (features)
β’ Primitive projections
19
Dam image from http://www.flickr.com/photos/gammaman/7803829282/ by Eli Christman, CC by 2.0
HoTT/HoTT Library: Contents
β’ Basic type formers and their identity types
β’ h-levels, object classifier, β¦
β’ Many examples of HITs from the book:
β’ Circle, interval, suspensions, flattening, truncations,
quotients
β’ π1 π 1 = β€
β’ Modalities (reflective subtoposes)
β’ Spaces: Cantor, Finite, Surreals, β¦
β’ Categories
20
HoTT/HoTT Library: Diagram
21
Performance
β’ Question: What makes programs, particularly theorem
provers or proof scripts, slow?
23
Performance
β’ Question: What makes programs, particularly theorem
provers or proof scripts, slow?
β’ Answer: Doing too much stuff!
24
Performance
β’ Question: What makes programs, particularly theorem
provers or proof scripts, slow?
β’ Answer: Doing too much stuff!
β’ doing the same things repeatedly
25
Snail from http://naolito.deviantart.com/art/Repetitive-task-258126598
Performance
β’ Question: What makes programs, particularly theorem
provers or proof scripts, slow?
β’ Answer: Doing too much stuff!
β’ doing the same things repeatedly
β’ doing lots of stuff for no good reason
26
Running rooster from http://d.wapday.com:8080/animation/ccontennt/15545-f/mr_rooster_running.gif
Performance
β’ Question: What makes programs, particularly theorem
provers or proof scripts, slow?
β’ Answer: Doing too much stuff!
β’ doing the same things repeatedly
β’ doing lots of stuff for no good reason
β’ using a slow language when you could be
using a quicker one
27
Proof assistant performance
β’ What kinds of things does Coq do?
β’ Type checking
β’ Term building
β’ Unification
β’ Normalization
28
Proof assistant performance (pain)
β’ When are these slow?
β’ when you duplicate work
β’ when you do work on a part of a term you end up not caring
about
β’ when you do them too many times
β’ when your term is large
29
Proof assistant performance (size)
β’ How large is slow?
30
Proof assistant performance (size)
β’ How large is slow?
β’ Around 150,000β500,000 words
31
Durations of Various Tactics vs. Term Size (Coq v8.4, 2.4 GHz Intel Xeon CPU, 16 GB RAM)
100 s
destruct x (v8.4)
assert (z := true); destruct z (v8.4)
10 s
set (y := x) (v8.4)
set (y := bool) (v8.4)
lazymatch goal with |- ?f ?a = ?g ?b => let H := constr:(@f_equal bool bool f a b
(@eq_refl bool a)) in apply H end (v8.4)
apply f_equal (v8.4)
generalize x (v8.4)
1s
assert (z := true); generalize z (v8.4)
lazymatch goal with |- ?f ?a = ?g ?b => let H := constr:(@f_equal bool bool f a b
(@eq_refl bool a)) in exact H end (v8.4)
match goal with |- ?G => set (y := G) end (v8.4)
lazymatch goal with |- ?f ?a = ?g ?b => let H := constr:(@f_equal bool bool f a b
(@eq_refl bool a)) in exact_no_check H end (v8.4)
lazymatch goal with |- ?f ?a = ?g ?b => let H := constr:(@f_equal bool bool f a b
(@eq_refl bool a)) in idtac end (v8.4)
lazymatch goal with |- ?f ?a = ?g ?b => let H := constr:(@f_equal bool bool f a b)
in idtac end (v8.4)
0.1 s
assert (z := true); revert z (v8.4)
lazymatch goal with |- ?f ?a = ?g ?b => idtac end (v8.4)
0.01 s
1.0E+0
32
1.0E+1
1.0E+2
1.0E+3
1.0E+4
1.0E+5
1.0E+6
1.0E+7
1.0E+8
Durations of Various Tactics vs. Term Size (Coq v8.6, 3.5 GHz Intel i7 CPU, 64 GB RAM)
100 s
destruct x (v8.6)
assert (z := true); destruct z (v8.6)
10 s
set (y := x) (v8.6)
set (y := bool) (v8.6)
lazymatch goal with |- ?f ?a = ?g ?b => let H := constr:(@f_equal bool bool f a b
(@eq_refl bool a)) in apply H end (v8.6)
apply f_equal (v8.6)
generalize x (v8.6)
1s
assert (z := true); generalize z (v8.6)
lazymatch goal with |- ?f ?a = ?g ?b => let H := constr:(@f_equal bool bool f a b
(@eq_refl bool a)) in exact H end (v8.6)
match goal with |- ?G => set (y := G) end (v8.6)
lazymatch goal with |- ?f ?a = ?g ?b => let H := constr:(@f_equal bool bool f a b
(@eq_refl bool a)) in exact_no_check H end (v8.6)
lazymatch goal with |- ?f ?a = ?g ?b => let H := constr:(@f_equal bool bool f a b
(@eq_refl bool a)) in idtac end (v8.6)
lazymatch goal with |- ?f ?a = ?g ?b => let H := constr:(@f_equal bool bool f a b)
in idtac end (v8.6)
0.1 s
assert (z := true); revert z (v8.6)
lazymatch goal with |- ?f ?a = ?g ?b => idtac end (v8.6)
0.01 s
1.0E+0
33
1.0E+1
1.0E+2
1.0E+3
1.0E+4
1.0E+5
1.0E+6
1.0E+7
1.0E+8
Proof assistant performance (size)
β’ How large is slow?
β’ Around 150,000β500,000 words
Do terms actually get this large?
34
Proof assistant performance (size)
β’ How large is slow?
β’ Around 150,000β500,000 words
Do terms actually get this large?
YES!
35
Proof assistant performance (size)
β’ A directed graph has:
β’ a type of vertices (points)
β’ for every ordered pair of vertices, a type of arrows
36
Proof assistant performance (size)
β’ A directed 2-graph has:
β’ a type of vertices (0-arrows)
β’ for every ordered pair of vertices, a type of arrows (1-arrows)
β’ for every ordered pair of 1-arrows between the same vertices, a
type of 2-arrows
37
Proof assistant performance (size)
β’ A directed arrow-graph comes from turning arrows into
vertices:
38
Proof assistant performance (pain)
β’ When are these slow?
β’ When your term is large
β’ Smallish example (29 000 words): Without Proofs:
{| LCCMF β _\_inducedF π22 β π12 ;
LCCMT β π π (π π βΆ π2β² / πΉ β π21 π. π½ β π11 π. π½) |} =
{| LCCMF β _\_inducedF π12 β _\_inducedF π22 ;
LCCMT β π π (π π βΆ π2β² / πΉ β π21 π. π½ β π1 1 π β π11 π. π½ β π) |}
39
Proof assistant performance (pain)
β’ When are these slow?
β’ When your term is large
β’ Smallish example (29 000 words): Without Proofs:
{| LCCMF β _\_inducedF π22 β π12 ;
LCCMT β π π π π βΆ π2β² / πΉ β π21 π. π½ β π11 π. π½
(Ξ βpf π 2 (π π π π βΆ πΆ β π21 π β π11 π
(β1 βpf π21 π11 )) (π22 β π12 )) |} =
{| LCCMF β _\_inducedF π12 β _\_inducedF π22 ;
LCCMT β π π (π π βΆ π2β² / πΉ β π21 π. π½ β π1 1 π β π11 π. π½ β π)
(β1 βpf
(π π
π π βΆ π2β² / πΉ β π21 π. π½ (Ξ βpf π
(π π π π βΆ π2β² / πΉ β π1 1 π β π11 π. π½ β π
(β1 βpf
(π π
π π βΆ π2β² / πΉ β π1
(β0 βpf (π π π π βΆ π2 /40πΉ β
Proof assistant performance (pain)
β’ When are these slow?
β’ When your term is large
β’ Smallish example (29 000 words): Without Proofs:
{| LCCMF β _\_inducedF π22 β π12 ;
LCCMT β π π π π βΆ π2β² / πΉ β π21 π. π½ β π11 π. π½
(Ξ βpf π 2 (π π π π βΆ πΆ β π21 π β π11 π
(β1 βpf π21 π11 )) (π22 β π12 )) |} =
{| LCCMF β _\_inducedF π12 β _\_inducedF π22 ;
LCCMT β π π (π π βΆ π2β² / πΉ β π21 π. π½ β π1 1 π β π11 π. π½ β π)
(β1 βpf (π π π π βΆ π2β² / πΉ β π21 π. π½ (Ξ βpf π2 π21 π22 )))
(π π π π βΆ π2β² / πΉ β π1 1 π β π11 π. π½ β π
(β1 βpf (π π π π βΆ π2β² / πΉ β π1 1 π β π11 π. π½
(β0 βpf (π π π π βΆ π2 / πΉ β π11 π. π½
(Ξ βpf π 2 π11 π12 )) π)) π))) |}
41
Proof assistant performance (fixes)
β’ How do we work around this?
42
Proof assistant performance (fixes)
β’ How do we work around this?
β’ By hiding from the proof checker!
43
Fence from http://imgarcade.com/1/hiding-clipart/
Proof assistant performance (fixes)
β’ How do we work around this?
β’ By hiding from the proof checker!
β’ How do we hide?
44
Proof assistant performance (fixes)
β’ How do we work around this?
β’ By hiding from the proof checker!
β’ How do we hide?
β’ Good engineering
β’ Better proof assistants
45
Proof assistant performance (fixes)
Careful Engineering
46
Outline
β’ Why should we care about performance?
β’ Overview of the HoTT/HoTT library
β’ What makes theorem provers (mainly Coq) slow?
β’ Examples of particular slowness
β’ For users (workarounds)
β’ Arguments vs. fields and packed records
β’ Abstraction barriers
β’ For developers (features)
β’ Primitive projections
47
Dam image from http://www.flickr.com/photos/gammaman/7803829282/ by Eli Christman, CC by 2.0
Proof assistant performance (fixes)
β’ How?
β’ Avoid exponential blowup: Pack your records!
48
Proof assistant performance (fixes)
β’ How?
β’ Avoid exponential blowup: Pack your records!
A mapping of graphs is a mapping of vetices to vertices and
arrows to arrows
mapping
49
Proof assistant performance (fixes)
β’ How?
β’ Avoid exponential blowup: Pack your records!
At least two options to define graph:
Record Graph := { V : Type ; E : V β V β Type }.
Record IsGraph (V : Type) (E : V β V β Type) := { }.
50
Proof assistant performance (fixes)
Record Graph := { V : Type ; E : V β V β Type }.
Record IsGraph (π: Type) (πΈ: πβ πβ Type) := { }.
Big difference for size of functor:
Mapping : Graph β Graph β Type.
vs.
IsMapping : β (ππΊ : Type) (ππ» : Type)
(πΈπΊ : ππΊ β ππΊ β Type) (πΈπ» : ππ» β ππ» β Type),
IsGraph ππΊ πΈπΊ β IsGraph ππ» πΈπ» β Type.
51
Proof assistant performance (fixes)
β’ How?
β’ Either donβt nest constructions, or don't unfold nested
constructions
β’ Coq only cares about unnormalized term size β βWhat I don't
know can't hurt meβ
52
Proof assistant performance (fixes)
β’ How?
β’ More systematically, have good abstraction barriers
53
Proof assistant performance (fixes)
β’ How?
β’ Have good abstraction barriers
Leaky abstraction barriers
generally only torture
programmers
54
Dam image from http://www.flickr.com/photos/gammaman/7803829282/ by Eli Christman, CC by 2.0
Proof assistant performance (fixes)
β’ How?
β’ Have good abstraction barriers
Leaky abstraction barriers
torture Coq, too!
55
Dam image from http://www.flickr.com/photos/gammaman/7803829282/ by Eli Christman, CC by 2.0
Proof assistant performance (fixes)
β’ How?
β’ Have good abstraction barriers
Example: Pairing (without judgmental Ξ·)
Two ways to make use of elements of a pair:
let (π₯, π¦) := π in π π₯ π¦. (pattern matching)
π (fst π) (snd π). (projections)
56
Proof assistant performance (fixes)
β’ How?
β’ Have good abstraction barriers
Example: Pairing (without judgmental Ξ·)
Two ways to make use of elements of a pair:
let (π₯, π¦) := π in π π₯ π¦. (pattern matching)
π (let (π₯, π¦) := π in π₯) (let (π₯, π¦) := π in π¦). (projections)
These ways do not unify!
57
Proof assistant performance (fixes)
β’ How?
β’ Have good abstraction barriers
Leaky abstraction barriers
torture Coq, too!
Rooster Image from
http://www.animationlibrary.com/animation/18342/Chicken_blows_up/
59
Dam image from http://www.flickr.com/photos/gammaman/7803829282/ by Eli Christman, CC by 2.0
Proof assistant performance (fixes)
β’ How?
β’ Have good abstraction barriers
Leaky abstraction barriers
torture Coq, too!
60
Dam image from ID-L-0010, WaterArchives.org, CC by SA 2.0
Proof assistant performance (fixes)
Concrete Example (Old Version)
Local Notation mor_of π0 π1 π:=
(let ππ1 := IsInitialMorphism_morphism (@HM π1 ) in
(@center _ (IsInitialMorphism_property (@HM π0) _ (ππ1 β f))) 1 ) (only parsing).
Lemma composition_of π₯ π¦ π§ π π: mor_of _ _ (π β π) = mor_of π¦ π§ π β mor_of π₯ π¦ π.
Proof.
simpl.
match goal with | [ β’ ((@center ?π΄?π») 2 ) 1 = _ ] β erewrite (@contr π΄ π» (center _; (_; _))) end.
simpl; reflexivity.
Grab Existential Variables.
simpl in β.
repeat match goal with | [ β’ appcontext[(?π₯ 2 ) 1 ] ] β generalize (π₯ 2 ); intro end.
rewrite ?composition_of.
repeat try_associativity_quick (idtac; match goal with | [ β’ appcontext[?π₯ 1 ] ] β simpl rewrite π₯ 2 end).
rewrite ?left_identity, ?right_identity, ?associativity.
reflexivity.
Qed.
Size of goal (after first simpl): 7312 words
Size of proof term: 66 264 words
Total time in file: 39 s
8s
2s
2.5 s
0.5 s
3.5 s
0.3 s
20 s
61
Proof assistant performance (fixes)
Concrete Example (New Version)
Local Notation mor_of π0 π1 π:=
(let ππ1 := IsInitialMorphism_morphism (@HM π1 ) in
IsInitialMorphism_property_morphism (@HM π0) _ (ππ1 β π)) (only parsing).
Lemma composition_of π₯ π¦ π§ π π: mor_of _ _ (π β π) = mor_of π¦ π§ π β mor_of π₯ π¦ π.
Proof.
simpl.
erewrite IsInitialMorphism_property_morphism_unique; [ reflexivity | ].
rewrite ?composition_of.
repeat try_associativity_quick rewrite IsInitialMorphism_property_morphism_property.
reflexivity.
Qed.
0.08 s
(was 10 s)
0.08 s
(was 0.5 s)
0.5 s
(was 3.5 s)
0.5 s
(was 3.5 s)
Size of goal (after first simpl): 191 words (was 7312)
Size of proof term: 3 632 words (was 66 264)
62
Total time in file: 3 s (was 39 s)
Proof assistant performance (fixes)
Concrete Example (Old Interface)
Definition IsInitialMorphism_object (π : IsInitialMorphism π΄π) : π· := CommaCategory.b π΄π.
Definition IsInitialMorphism_morphism (π : IsInitialMorphism π΄π) : morphism πΆ π (π 0 (IsInitialMorphism_object π)) := CommaCategory.f π΄π.
Definition IsInitialMorphism_property (π : IsInitialMorphism π΄π) (π : π·) (π : morphism πΆ π (π 0 π))
: Contr { π : morphism π· (IsInitialMorphism_object π) π | π 1 π β (IsInitialMorphism_morphism π) = π }.
Proof.
(ββ We could just [rewrite right_identity], but we want to preserve judgemental computation rules. β)
pose proof (@trunc_equivβ² _ _ (symmetry _ _ (@CommaCategory.issig_morphism _ _ _ !π π _ _)) -2 (π (CommaCategory.Build_object !π π tt π π))) as π»β².
simpl in π»β².
apply contr_inhabited_hprop.
- abstract (
apply @trunc_succ in π»β²;
eapply @trunc_equivβ²; [ | exact π»β² ];
match goal with
| [ β’ appcontext[?π β π] ] β simpl rewrite (right_identity _ _ _ π)
| [ β’ appcontext[π β ?π] ] β simpl rewrite (left_identity _ _ _ π)
end;
simpl; unfold IsInitialMorphism_object, IsInitialMorphism_morphism;
let π΄ := match goal with β’ Equiv ?π΄ ?π΅ β constr:(π΄) end in
let π΅ := match goal with β’ Equiv ?π΄ ?π΅ β constr:(π΅) end in
apply (equiv_adjointify (π π₯ : π΄ β π₯ 2) (π π₯ : π΅ β (tt; π₯)));
[ intro; reflexivity | intros [[]]; reflexivity ]
).
- (exists ((@center _ π»β²) 2) 1).
abstract (etransitivity; [ apply ((@center _ π»β²) 2) 2 | auto with morphism ]).
Defined.
3s
1s
Total file time: 7 s
63
Proof assistant performance (fixes)
Concrete Example (New Interface)
Definition IsInitialMorphism_object (π : IsInitialMorphism π΄π) : π· := CommaCategory.b π΄π.
Definition IsInitialMorphism_morphism (π : IsInitialMorphism π΄π) : morphism πΆ π (π 0 (IsInitialMorphism_object π)) := CommaCategory.f π΄π.
Definition IsInitialMorphism_property_morphism (π : IsInitialMorphism π΄π) (π : π·) (f : morphism πΆ π (π 0 π)) : morphism π· (IsInitialMorphism_object π) π
:= CommaCategory.h (@center _ (π (CommaCategory.Build_object !π π tt π π))).
Definition IsInitialMorphism_property_morphism_property (π : IsInitialMorphism π΄π) (π : π·) (π : morphism πΆ π (π 0 π))
: π 1 (IsInitialMorphism_property_morphism π π π) β (IsInitialMorphism_morphism π) = π
:= CommaCategory.p (@center _ (π (CommaCategory.Build_object !π π tt π π))) @ right_identity _ _ _ _.
Definition IsInitialMorphism_property_morphism_unique (π : IsInitialMorphism π΄π) (π : π·) (f : morphism πΆ π (π 0 π)) πβ² (π» : π 1 πβ β IsInitialMorphism_morphism π = π)
: IsInitialMorphism_property_morphism π π π = πβ²
:= ap (@CommaCategory.h _ _ _ _ _ _ _)
(@contr _ (π (CommaCategory.Build_object !π π tt π π)) (CommaCategory.Build_morphism π΄π (CommaCategory.Build_object !π π tt π π) tt πβ² (π» @ (right_identity _ _ _ _) β1))).
Definition IsInitialMorphism_property (π : IsInitialMorphism π΄π) (π : π·) (f : morphism πΆ π (π 0 π))
: Contr { π : morphism π· (IsInitialMorphism_object π) π | π 1 π β (IsInitialMorphism_morphism π) = π }.
:= {| center := (IsInitialMorphism_property_morphism π π π; IsInitialMorphism_property_morphism_property π π π);
contr πβ² := path_sigma _ (IsInitialMorphism_property_morphism π π π; IsInitialMorphism_property_morphism_property π π π)
πβ² (@ IsInitialMorphism_property_morphism_unique π π π πβ² 1 πβ² 2) (center _) |}.
0.4 s
Total file time: 7 s
64
Proof assistant performance (fixes)
Concrete Example 2 (Generalization)
Lemma pseudofunctor_to_cat_assoc_helper {π₯ π₯0 : πΆ} {π₯2 : morphism πΆ x x0} {x1 : πΆ}
{π₯5 : morphism πΆ π₯0 π₯1 } {π₯4 : πΆ} {π₯7 : morphism πΆ π₯1 π₯4 }
{π π0 : PreCategory} {π : morphism πΆ π₯ π₯4 β Functor π0 π}
{π1 π2 : PreCategory} {π0 : Functor π2 π} {π1 : Functor π1 π2 } {π2 : Functor π0 π2 } {π3 : Functor π0 π1 } {π4 : Functor π1 π}
{π₯16 : morphism (_ β _) (π (π₯7 β π₯5 β π₯2 )) (π4 β π3 )%functor}
{π₯15 : morphism (_ β _) π2 (π1 β π3 )%functor} {π»2 : IsIsomorphism π₯15 }
{π₯11 : morphism (_ β _) (π (π₯7 β (π₯5 β π₯2 ))) (π0 β π2 )%functor}
{π»1 : IsIsomorphism π₯11 } {π₯9 : morphism (_ β _) π4 (π0 β π1 )%functor} {fst_hyp : π₯7 β π₯5 β π₯2 = π₯7 β (π₯5 β π₯2 )}
(rew_hyp : β π₯3 : π0 ,
(idtoiso (π0 β π) (ap π fst_hyp) : morphism_ _ _) π₯3 = π₯11 β1 π₯3 β (π0 1 (π₯15 β1 π₯3 ) β (π β (π₯9 (π3 π₯3 ) β π₯16 π₯3 ))))
{π»0β² : IsIsomorphism π₯16 } {π»1β² : IsIsomorphism π₯9 } {π₯13 : π} {π₯3 : π0 } {π₯6 : π1 } {π₯10 : π2 }
{π₯14 : morphism π (π0 π₯10 ) π₯13 } {π₯12 : morphism π2 (π1 π₯6 ) π₯10 } {π₯8 : morphism π1 (π3 π₯3 ) π₯6 }
: existT (π π5 : morphism πΆ π₯ π₯4 β morphism π ((π π5 ) π₯3 ) π₯13 )
(π₯7 β π₯5 β π₯2 )
(π₯14 β (π0 1 π₯12 β π₯9 π₯6 ) β (π4 1 π₯8 β π₯16 π₯3 )) = (π₯7 β (π₯5 β π₯2 ); π₯14 β (π0 1 (π₯12 β (π1 1 π₯8 β π₯15 π₯3 )) β π₯11 π₯3 )).
Proof.
helper_t assoc_before_commutes_tac.
assoc_fin_tac.
Qed.
Speedup: 10x for the file, from 4m 53s to 28 s
Time spent: a few hours
65
Outline
β’ Why should we care about performance?
β’ Overview of the HoTT/HoTT library
β’ What makes theorem provers (mainly Coq) slow?
β’ Examples of particular slowness
β’ For users (workarounds)
β’ Arguments vs. fields and packed records
β’ Abstraction barriers
β’ For developers (features)
β’ Primitive projections
66
Dam image from http://www.flickr.com/photos/gammaman/7803829282/ by Eli Christman, CC by 2.0
Proof assistant performance (fixes)
Better Proof Assistants
67
Outline
β’ Why should we care about performance?
β’ Overview of the HoTT/HoTT library
β’ What makes theorem provers (mainly Coq) slow?
β’ Examples of particular slowness
β’ For users (workarounds)
β’ Arguments vs. fields and packed records
β’ Abstraction barriers
β’ For developers (features)
β’ Primitive projections
68
Dam image from http://www.flickr.com/photos/gammaman/7803829282/ by Eli Christman, CC by 2.0
Proof assistant performance (fixes)
β’ How?
β’ Primitive projections
69
Proof assistant performance (fixes)
β’ How?
β’ Primitive projections
Definition 2-Graph :=
{V
: Type &
{ 1E
: V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type }.
Definition V (G : 2-Graph) := pr1 (pr1 G).
Definition 1E (G : 2-Graph) := pr1 (pr2 G).
Definition 2E (G : 2-Graph) := pr2 (pr2 G).
70
Proof assistant performance (fixes)
Definition 2-Graph :=
{V
: Type &
{ 1E
: V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type }.
Definition V (G : 2-Graph) := pr1 (pr1 G).
Definition 1E (G : 2-Graph) := pr1 (pr2 G).
Definition 2E (G : 2-Graph) := pr2 (pr2 G).
71
Proof assistant performance (fixes)
Definition 2-Graph :=
{V
: Type &
{ 1E
: V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type }.
Definition V (G : 2-Graph) :=
@pr1 Type (π V : Type β
{ 1E : V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type })
G.
72
Proof assistant performance (fixes)
Definition 2-Graph :=
{V
: Type &
{ 1E
: V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type }.
Definition V (G : 2-Graph) := pr1 (pr1 G).
Definition 1E (G : 2-Graph) := pr1 (pr2 G).
Definition 2E (G : 2-Graph) := pr2 (pr2 G).
73
Proof assistant performance (fixes)
Definition 1E (G : 2-Graph) :=
@pr1
(@pr1 Type (π V : Type β
{ 1E : V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type })
Gβ
(@pr1 Type (π V : Type β
{ 1E : V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type })
Gβ
(Type)
(π 1E : @pr1 Type (π V : Type β
{
1E : V β V β Type &
74
Proof assistant performance (fixes)
Definition 1E (G : 2-Graph) :=
@pr1
(@pr1 Type (π V : Type β
{ 1E : V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type })
Gβ
(@pr1 Type (π V : Type β
{ 1E : V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type })
Gβ
(Type)
(π 1E : @pr1 Type (π V : Type β
{ 1E : V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type })
Gβ
@pr1 Type (π V : Type β
{ 1E : V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type })
Gβ
Type β
β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type)
(@pr2 Type (π V : Type β
{ 1E : V β V β Type &
: β π£1 π£2 , 1E π£1 π£2 β 1E π£1 π£2 β Type }
G)
75
Proof assistant performance (fixes)
Definition 1E (G : 2-Graph) :=
@pr1
(@pr1 Type (π V : Type β { 1E : V β V β Type & β (π£1 : V) (π£2 : V), 1E π£1 π£2 β 1E π£1 π£2 β Type }) G β
(@pr1 Type (π V : Type β { 1E : V β V β Type & β (π£1 : V) (π£2 : V), 1E π£1 π£2 β 1E π£1 π£2 β Type }) G β
(Type)
(π 1E : @pr1 Type (π V : Type β { 1E : V β V β Type & β (π£1 : V) (π£2 : V), 1E π£1 π£2 β 1E π£1 π£2 β Type }) G β
@pr1 Type (π V : Type β { 1E : V β V β Type & β (π£1 : V) (π£2 : V), 1E π£1 π£2 β 1E π£1 π£2 β Type }) G β
Type β
β(π£1 : @pr1 Type (π V : Type β { 1E : V β V β Type & β (π£1 : V) (π£2 : V), 1E π£1 π£2 β 1E π£1 π£2 β Type }) G)
(π£2 : @pr1 Type (π V : Type β { 1E : V β V β Type & β (π£1 : V) (π£2 : V), 1E π£1 π£2 β 1E π£1 π£2 β Type }) G),
1E π£1 π£2 β 1E π£1 π£2 β Type)
(@pr2 Type (π V : Type β { 1E : V β V β Type & β (π£1 : V) (π£2 : V), 1E π£1 π£2 β 1E π£1 π£2 β Type }) G)
:@pr1 Type (π V : Type β { 1E : V β V β Type & β (π£1 : V) (π£2 : V), 1E π£1 π£2 β 1E π£1 π£2 β Type }) G β
@pr1 Type (π V : Type β { 1E : V β V β Type & β (π£1 : V) (π£2 : V), 1E π£1 π£2 β 1E π£1 π£2 β Type }) G β
Type
Recall: Original was:
Definition 1E (G : 2-Graph) := pr1 (pr2 G).
76
Proof assistant performance (fixes)
β’ How?
β’ Primitive projections
β’ They eliminate the unnecessary arguments to projections,
cutting down the work Coq has to do.
77
Take-away messages
β’ Performance matters
(even in proof assistants)
β’ Term size matters for performance
β’ Performance can be improved by
β’ careful engineering of developments
β’ improving the proof assistant
or the metatheory
78
The presentation will be available at
http://people.csail.mit.edu/jgross/#hott-hott-and-category-coqexperience
An extended version is available at
http://people.csail.mit.edu/jgross/#category-coq-experience
The library is available at
https://github.com/HoTT/HoTT
79
© Copyright 2026 Paperzz