SizeUniv : SizeUniv is inconsistent
#5891
Assignees
Labels
false
Proof of the empty type which checks without known-unsafe flags (e.g. without --type-in-type)
sized types
Sized types, termination checking with sized types, size inference
sorts
Agda's sort system (see also piSort); univSort; Sort metas; Fibrancy
type: bug
Issues and pull requests about actual bugs
Milestone
Comments
nad
added
type: bug
|
I think the idea is that |
|
More potentially problematic code: primitive
primLockUniv : Set₁
data D : primLockUniv whereHowever, the following code is rejected: primitive
primLockUniv : Set₁
_ : primLockUniv
_ = primLockUnivThe following code is also rejected: {-# OPTIONS --cubical #-}
open import Agda.Primitive.Cubical
data D : IUniv where |
How function types into types in {-# OPTIONS --sized-types #-}
imp : SizeUniv
imp = Set → Size
⊥ : SizeUniv
⊥ = (X : SizeUniv) → XAlthough I thought the reason you can define a data def in |
andreasabel
added a commit
that referenced
this issue
May 6, 2022
… ... There was a check for IUniv but this could be worked around with sort metas. There was no check for SizeUniv nor LockUniv.
andreasabel
added a commit
that referenced
this issue
May 6, 2022
… ... There was a check for IUniv but this could be worked around with sort metas. There was no check for SizeUniv nor LockUniv.
andreasabel
added a commit
that referenced
this issue
May 6, 2022
… ... There was a check for IUniv but this could be worked around with sort metas. There was no check for SizeUniv nor LockUniv.
andreasabel
added a commit
that referenced
this issue
May 6, 2022
… ... There was a check for IUniv but this could be worked around with sort metas. There was no check for SizeUniv nor LockUniv.
@ionathanch : I can get Agda to loop by eliminating \bot to get an inhabitant of |
andreasabel
added a commit
that referenced
this issue
May 6, 2022
Agda now demands to know the sort of the data type (modulo levels) already at the end of the data definition.
andreasabel
added a commit
that referenced
this issue
May 6, 2022
`SizeUniv : Set\omega` had been done only halfway, there was `SizeUniv : SizeUniv` left in the definition of the built-in `SizeUniv`.
|
I managed to do so using {-# OPTIONS --sized-types #-}
open import Size
data ⊥ : Set where
postulate
any : ∀ i → Size< i -- where we left off
data _<_ : Size → Size → Set where
lt : ∀ s → (r : Size< s) → r < s
data Acc (s : Size) : Set where
acc : (∀ {r} → r < s → Acc r) → Acc s
wf : ∀ s → Acc s
wf s = acc (λ {(lt .s r) → wf r})
¬wf : ∀ s → Acc s → ⊥
¬wf s (acc p) = ¬wf (any s) (p (lt s (any s)))
absurd : ⊥
absurd = (¬wf ∞) (wf ∞) |
andreasabel
added a commit
that referenced
this issue
May 6, 2022
`SizeUniv : Set\omega` had been done only halfway, there was `SizeUniv : SizeUniv` left in the definition of the built-in `SizeUniv`. It enables Hurken's Paradox in SizeUniv, which leads to non-termination of Agda.
andreasabel
added a commit
that referenced
this issue
May 6, 2022
This reestablishes backwards-compatibility, enabling
data D : Tel -> _ where
when the meta is solved subsequently.
andreasabel
added a commit
that referenced
this issue
May 6, 2022
This reestablishes backwards-compatibility, enabling
data D : Tel -> _ where
when the meta is solved subsequently.
|
Here is the proof of inconsistency in its full glory: -- AIM XXXV, 2022-05-06, issue #5891:
-- SizeUniv : SizeUniv was causing non-termination and inhabitation of Size< 0.
-- This is inconsistent; proof by Jonathan Chan.
{-# OPTIONS --sized-types #-}
open import Agda.Primitive
open import Agda.Builtin.Size
data ⊥ : Set where
-- Original exploit:
-- data False : SizeUniv where
False : SizeUniv
False = (X : SizeUniv) → X
-- Should fail.
-- Expected error:
-- Setω != SizeUniv
-- when checking that the expression (X : SizeUniv) → X has type SizeUniv
-- Step 1: Hurken's Paradox with SizeUniv : SizeUniv.
℘ : SizeUniv → SizeUniv
℘ S = S → SizeUniv
U : SizeUniv
U = ∀ (X : SizeUniv) → (℘ (℘ X) → X) → ℘ (℘ X)
τ : ℘ (℘ U) → U
τ t = λ X f p → t (λ x → p (f (x X f)))
σ : U → ℘ (℘ U)
σ s = s U τ
Δ : ℘ U
Δ y = (∀ p → σ y p → p (τ (σ y))) → False
Ω : U
Ω = τ (λ p → (∀ x → σ x p → p x))
R : ∀ p → (∀ x → σ x p → p x) → p Ω
R _ 𝟙 = 𝟙 Ω (λ x → 𝟙 (τ (σ x)))
M : ∀ x → σ x Δ → Δ x
M _ 𝟚 𝟛 = 𝟛 Δ 𝟚 (λ p → 𝟛 (λ y → p (τ (σ y))))
L : (∀ p → (∀ x → σ x p → p x) → p Ω) → False
L 𝟘 = 𝟘 Δ M (λ p → 𝟘 (λ y → p (τ (σ y))))
-- Prevent unfolding, as this term has no whnf.
-- Stops Agda from looping.
abstract
false : False
false = L R
-- This gives us a predecessor on Size.
size-pred : ∀ i → Size< i
size-pred i = false (Size< i)
-- Step 2: Size predecessor is inconsistent.
-- Jonathan Chan:
-- I managed to do so using ∞ but only because it's the only closed
-- size expression, not using the ∞ < ∞ property, although the
-- principle is the same as for #3026:
data _>_ (s : Size) : Size → Set where
lt : (r : Size< s) → s > r
data Acc (s : Size) : Set where
acc : (∀ {r} → s > r → Acc r) → Acc s
wf : ∀ s → Acc s
wf s = acc λ{ (lt r) → wf r }
¬wf : ∀ s → Acc s → ⊥
¬wf s (acc p) = ¬wf (size-pred s) (p (lt (size-pred s)))
absurd : ⊥
absurd = (¬wf ∞) (wf ∞) |
andreasabel
added a commit
that referenced
this issue
May 7, 2022
andreasabel
added a commit
that referenced
this issue
May 7, 2022
andreasabel
added a commit
that referenced
this issue
May 7, 2022
andreasabel
added a commit
that referenced
this issue
May 7, 2022
Introduces constraint `CheckDataSort` to check that the data and record types are not constructed in sorts that do not admit such constructions, e.g. IUniv, SizeUniv etc. Also, fix the `SizeUniv` builtin so that it does not declare `SizeUniv : SizeUniv`. This fixes the inconsistency reported in issue #5891. AIM XXXV codesprint.
Closed
andreasabel
added
the
sorts
asr
changed the title
SizeUniv : SizeUniv is inconsistent
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I guess this is fairly obvious since it's exactly the same as type-in-type but I thought I might as well create an explicit example since I didn't see one around (based on Hurkin's paradox). It also means sized types aren't consistent merely by removing
∞ < ∞. Wasn'tSizeUnivformerly somewhere in the universe hierarchy?The text was updated successfully, but these errors were encountered: