Open
Conversation
sgraf812
reviewed
Mar 24, 2026
Contributor
sgraf812
left a comment
sgraf812
left a comment
There was a problem hiding this comment.
Generally fine, but there are a couple of smaller things worth of cleanup that I didn't bother addressing. Let Claude have a second-opinion/review pass on this for cleanup.
volodeyka
changed the title
mvcgen tacticmvcgen tactic
1 task
volodeyka
added a commit
that referenced
this pull request
Mar 27, 2026
…OptionT WP, remove dead code Structural changes: - Make PredTrans a structure with `apply` field, add extensionality lemma - Add apply_* simp framework (apply_pure, apply_bind, apply_map, etc.) - Add pushOption/EPost.cons.pushOption for OptionT support Renames (per Sebastian Graf's review of PR #12965): - WPMonad → WP (class name) - wp_cons → wp_consequence (and derived names) - wp_trans_pure/bind/monotone → wpTrans_pure/bind/monotone - LawfulWPMonadLift → LawfulWPLift, etc. Class merge and parameter renames: - Merge AssertionLang + ExceptAssertionLang into single `Assertion` - Rename type params: l → Pred, el/e → EPred OptionT support: - Add OptionT.instWP using pushOption with EPost.cons Pred EPred - Uncomment all OptionT WP lemmas and Triple specs Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
github-actions
Bot
added
the
changes-stage0
… args Change AssertionLang and ExceptAssertionLang from standalone classes to class abbrevs over CompleteLattice, and require them as class arguments to WPMonad rather than using extends. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- LatticeExt: wrap in `namespace Lean.Order`, scope ⊤ ⊓ ⊔ ⌜⌝ notations - Frame: move from `namespace Loom` to `namespace Lean.Order`, scope ⇨ - Frame: rename field `inf_sup` → `meet_sup` Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Convert `inductive EPost.nil` and `inductive EPost.cons` to `structure` - Remove manual head/tail projections (now auto-generated) - Simplify PartialOrder/CompleteLattice instances using PProd - Rename `mk_rel` → `rel_mk` Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…OptionT WP, remove dead code Structural changes: - Make PredTrans a structure with `apply` field, add extensionality lemma - Add apply_* simp framework (apply_pure, apply_bind, apply_map, etc.) - Add pushOption/EPost.cons.pushOption for OptionT support Renames (per Sebastian Graf's review of PR #12965): - WPMonad → WP (class name) - wp_cons → wp_consequence (and derived names) - wp_trans_pure/bind/monotone → wpTrans_pure/bind/monotone - LawfulWPMonadLift → LawfulWPLift, etc. Class merge and parameter renames: - Merge AssertionLang + ExceptAssertionLang into single `Assertion` - Rename type params: l → Pred, el/e → EPred OptionT support: - Add OptionT.instWP using pushOption with EPost.cons Pred EPred - Uncomment all OptionT WP lemmas and Triple specs Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
volodeyka
force-pushed
the
vova/new-do-foundations
branch
from
b446ea9 to
847630b
Compare
volodeyka
removed
the
changes-stage0
…nts by removing redundant attributes. Introduce `open Classical` for improved readability.
…emmas.lean`. Update documentation for clarity and consistency, replacing `EPred` with `eInvariant EPred` in relevant theorem signatures.
sgraf812
reviewed
Apr 16, 2026
Contributor
sgraf812
left a comment
sgraf812
left a comment
There was a problem hiding this comment.
More tomorrow. I'm slowly coming to think that it will be more efficient to merge soon and then guide an AI to do the changes that I request here rather then writing comments on GH to have you implement them.
Comment on lines
+39
to
+42
| /-- Hoare triple notation without exception postcondition (defaults to `⊥`). -/ | ||
| notation:60 "⦃ " pre " ⦄ " x " ⦃ " post " ⦄" => Triple pre x post ⊥ | ||
| /-- Hoare triple notation with a binder for the return value. -/ | ||
| notation:60 "⦃ " pre " ⦄ " x " ⦃ " v ", " post " ⦄" => Triple pre x (fun v => post) ⊥ |
Contributor
There was a problem hiding this comment.
This is a breaking change to every existing use of notation... We should ensure that it is actually better than what we currently have. Let's discuss this in our next meeting.
What I like about what we currently have is that ⦃pre⦄ x ⦃⇓r => post⦄ evokes similarity to Lean's fun r => post syntax. On the other hand, ⦃pre⦄ x ⦃r, post⦄ looks neater and is closer to what people might be used to from pen and paper proofs. However, it's quite un-Lean-ish.
Furthermore, ⦃pre⦄ x ⦃⇓? r => post⦄ can be used to say Triple $pre $x (fun r => $post) T and there presently is no notation to say this in your patch. Generally it seems that you lose notation whenever the epost is non-bottom.
Maybe the cleanest solution is:
⦃pre⦄ x ⦃post⦄=>Triple pre x post ⊥(your first notation)⦃pre⦄ x ⦃post⦄?=>Triple pre x post T⦃pre⦄ x ⦃post⦄ ⦃eposts...⦄=>Triple pre x post epost<eposts...>(likely needs to be a macro)⦃pre⦄ x ⦃r => post⦄=>⦃pre⦄ x ⦃fun r => post⦄(compositional expansion; thefunis effectively optional. Not sure if that's worth it. I tend to think it isn't.)
Author
There was a problem hiding this comment.
As for my taste, I would want to avoid unicode whenever possible. I like ⇓and ⇓? symbols, but I feel it requires a little too much of a context. If we add it, it will be giving Coq-SSReflect vibes, where there are tons of conventions, which are really smart and useful, but make the overall framework highly exclusive. You really need to get into the head of developers to understand what's going on.
- for
,versus=>, I was thinking of it a lot, and finally deceid on,because it is already used in big operator notations. It is so standard in maths, that it kinda overrides Lean style for me sometimes.
I think we should either use,or jut go with⦃fun r => post⦄. Omittingfunmight confuse people - I don't have any super strong opinion about
⦃pre⦄ x ⦃post⦄?. We can add it if you think it is going to be used - I would change
⦃pre⦄ x ⦃post⦄ ⦃eposts...⦄into⦃pre⦄ x ⦃post; eposts...⦄and also separateepostswith;. Then it would be somewhat uniform.
Contributor
There was a problem hiding this comment.
Agreed on unicode. we should ensure that ⦃ can be typed as {{ as well.
-
,sounds fine then. -
⦃post⦄?is useful because you can't really write T in the syntax I proposed -
I would change ⦃pre⦄ x ⦃post⦄ ⦃eposts...⦄ into ⦃pre⦄ x ⦃post; eposts...⦄ and also separate eposts with ;
Hmm, I fear that
;is not enough signalling. It is also ambiguous with⦃v, match v with none => ...; some _ => ...; blah⦄. Note that Iris separates into two {{}} as well. Also do you expect users to write⦃post; epost<e1,e2,e3>⦄(note that we switched from , to ;) or is it more like⦃post; e1; e2; e3⦄?
…e CompleteLattice.pure to Assertion.ofProp Move `class abbrev Assertion` and CCPO instance from WP/Basic.lean into the renamed Assertion.lean. Rename `CompleteLattice.pure` to `Assertion.ofProp` and rename all related lemmas (`trueE` → `ofProp_true`, `falseE` → `ofProp_false`, `LE.pure_imp` → `ofProp_imp`, `LE.pure_intro` → `ofProp_intro`, `pure_intro_l` → `ofProp_intro_l`, `pure_intro_r` → `ofProp_intro_r`).
Add Gadget to Triple umbrella import. Remove duplicate List.Cursor and Std.Legacy.Range.toList definitions from Experimental SpecLemmas, importing them from the non-Experimental Std.Do.Triple.SpecLemmas instead.
github-actions
Bot
added
the
toolchain-available
mathlib-nightly-testing Bot
pushed a commit
to leanprover-community/batteries
that referenced
this pull request
Apr 17, 2026
github-actions
Bot
added
the
mathlib4-nightly-available
mathlib-nightly-testing Bot
pushed a commit
to leanprover-community/mathlib4-nightly-testing
that referenced
this pull request
Apr 17, 2026
leanprover-bot
added a commit
to leanprover/reference-manual
that referenced
this pull request
Apr 17, 2026
leanprover-bot
added
the
builds-manual
Collaborator
|
Reference manual CI status:
|
mathlib-lean-pr-testing
Bot
added
the
builds-mathlib
|
Mathlib CI status (docs):
|
mathlib-nightly-testing Bot
pushed a commit
to leanprover-community/batteries
that referenced
this pull request
Apr 17, 2026
mathlib-nightly-testing Bot
pushed a commit
to leanprover-community/mathlib4-nightly-testing
that referenced
this pull request
Apr 17, 2026
leanprover-bot
added a commit
to leanprover/reference-manual
that referenced
this pull request
Apr 17, 2026
|
Mathlib CI status (docs):
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR Introduces new foundations for reasoning about monadic Lean code. Eventually we will port
mvcgenon top of these new foundations, to make the framework more general and robust.Key issues, new metatheory is supposed to solve are
CompleteLatticemight become a pre-/post-condtions language, not onlySPred. It potentially gives an opportunity to reason about probabilistic monads, where assertion language are distributions. This also simplifies the metatheory of monadic Hoare triples, as it does not require defining the notion ofSPred, and allows users to work in a fairly common interface ofCompleteLatticepostfor post-conditions on terminating paths and (2)epostfor post-conditions on abrupt paths. Current foundations always bundle them into a pair, which inevitably leads to constructing and eliminating such pairs everywhere in the code.WPMonadtype class. In particular we do not requirewpto distribute overbindany more. Instead, we require justwp x (fun x => wp (f x) post epost) epost ⊑ wp (x >>= f) post epost, i.e. the distributedwpmust only imply the non-distributed one (and not necessarily vice versa). With this we can defineWPMonadfor Separation Logic, wherewponly distributes overbindon local-footprint computations.WPMonad Id.{u} Prop EPost⟨⟩, which means that for arbitrary levelIdthe language for pre-/post-conditions is going to be justPropand the language for post-conditions on abrupt exits is idle.