What is unsafe about the Ltac2.Constr.Unsafe module?

yiyunliu · September 16, 2022, 8:36pm

I find it very handy to have the AST of constr around for writing tactics. However, it is a little unnerving that kind is placed under the Unsafe submodule.

In what sense is it unsafe? Will it cause coq to crash or make my proof unsound?

I saw functions such as is_constructor are exported as safe functions. My guess is that as long as I don’t use the AST to construct terms but only traverse/read the AST as an extension of pattern matching, I shouldn’t run into any issues. Is that correct?

SkySkimmer · September 19, 2022, 8:31am

The subterms it produces are unsafe, for instance from fun x => x you can get an unbound variable by looking at the body of the function.

JasonGross · September 23, 2022, 8:50am

It’s also the case that the terms you construct can break various invariants (that all de Bruijn indices are positive and bound, that all named variables exist in the context, that evars are in a consistent state, etc) that other parts of the code rely on, resulting in various errors, anomalies, and even crashes.

Topic		Replies	Views
Notation substitution and identifiers Using Coq ltac2 , notation	0	720	March 26, 2020
Using string_scope without Import-ing String Using Coq	2	584	August 13, 2019
Extracting strings and ascii Using Coq	2	881	April 27, 2020
avoiding type error Using Coq	11	604	March 11, 2021
Best way to obtain constrs free from de Bruijn indices? Developing plugins serapi	4	814	July 31, 2019

What is unsafe about the Ltac2.Constr.Unsafe module?

Related Topics