4. The λ-calc. with Prod. and Conj.

Size: px

Start display at page:

Download "4. The λ-calc. with Prod. and Conj."

Francine Moody
5 years ago
Views:

1 4. The λ-calc. with Prod. and Conj. (4. The λ-calculus with Products and Conjunction) (a) The typed λ-calculus with products. (b) Currying. (Omitted 2008). (c) The nondependent product in Agda. (d) Logic With Conjunction. (e) The λ-calculus and term rewriting. (f) Finite Sets and Decidable Formulae (g) Finite Sets and Decidable Formulae in Agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sect

2 (a) The Typed λ-calc. with Products One can expand the set of λ-types and λ-terms as follows: Types are defined as before, but we have additionally: If σ, τ are types, so is σ τ. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-2

3 Example (Products) Assume we have some extra ground types Name := String Gender := {female, male} The exact definition of Gender and String in type theory will be given later (String will be a list of characters). Then we can define name-with-gender := String Gender Then we have John, male : name-with-gender. If s : name-with-gender, then it s first projection is a name. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-3

4 Example2 (Products) Assume we have a type Term of terms, representing functions Int Int. The set of terms Term together with the function, they denote, is given as Term (Int Int) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-4

5 Products The set of typed-λ-terms are defined as before but we have: If s : σ, t : τ then s,t : σ τ: Γ s : σ Γ t : τ (Pair) Γ s,t : σ τ If s : σ τ, then π 0 (s) : σ and π 1 (s) : τ: Γ s : σ τ (Proj0 ) Γ π 0 (s) : σ Γ s : σ τ (Proj1 ) Γ π 1 (s) : τ CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-5

6 Example We show (λx (o o) (o o o).π 0 (x)) λy o.y,λz o.λv o.z : o o (λx (o o) (o o o).π 0 ( x }{{} :(o o) (o o o) )) } {{ } } {{ :o o } ((o o) (o o o)) o o } {{ o o λy o. y,λz }{{} o.λv o.}{{} z :o :o }{{}}{{} :o o o o }{{} o o o } {{ (o o) (o o o) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-6

7 β-reduction for Pairs β-reduction for the pairs is the rule which allows to replace any subterm of the form π 0 ( r 0,r 1 ) by r 0, any subterm of the form π 1 ( r 0,r 1 ) by r 1. The subterms π i ( r 0,r 1 ) are called β-redexes of the term in question In addition we have the β-redexes (λx.t) s of the λ-calculus with. β-reduction for the typed λ-calculus with products includes both β-reduction for functions and β-reduction for pairs. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-7

8 Example (λx (o o) (o o o).π 0 (x)) λy o.y,λz o.λv o.z β π 0 ( λy o.y,λz o.λv o.z ) β λy o.y CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-8

9 Products with many Components We write σ 0 σ n for ( ((σ 0 σ 1 ) σ 2 ) σ n ). Define for s 0 : σ 0,...,s n : σ n s 0,...,s n := s 0,s 1,s 2, s n : σ 0 σ n E.g. x,y,z := x,y,z. One can easily define corresponding projections π n i : (σ 0 σ n 1 ) σ i, s.t. π n i ( s 0,...,s n 1 ) = β s i. For instance in case n = 3 we need π 3 i ( s 0,s 1,s 2 ) = π 3 i ( s 0,s 1,s 2 ) = s i CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-9

10 Products with many Components π 3 i ( s 0,s 1,s 2 ) = s i We obtain this by defining π 3 0 (x) := π 0(π 0 (x)) Then π 3 0 ( s 0,s 1,s 2 ) = π 0 (π 0 ( s 0,s 1,s 2 )) = π 0 ( s 0,s 1 ) = s 0 π 3 1 (x) := π 1(π 0 (x)) Then π 3 1 ( s 0,s 1,s 2 ) = π 1 (π 0 ( s 0,s 1,s 2 )) = π 1 ( s 0,s 1 ) = s 1 CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-10

11 Products with many Components π 3 i ( s 0,s 1,s 2 ) = s i π 3 2 (x) := π 1(x) Then π 3 2 ( s 0,s 1,s 2 ) = π 1 ( s 0,s 1,s 2 ) = s 2 CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-11

12 η-expansion for Products If we have a product r : σ τ, then its projections are β-equal to the projections of π 0 (r),π 1 (r) : π 0 ( π 0 (r),π 1 (r) ) = β π 0 (r), π 1 ( π 0 (r),π 1 (r) ) = β π 1 (r). Therefore, similarly to functions, we would like to have that every term r : σ τ is equal to π 0 (r),π 1 (r). The η-rule expresses that subterms t : σ τ can be η-expanded to π 0 (t),π 1 (t) Details can be found on the next few slides, but won t be treated in the lecture. We jump over the rest of this Subsection and over SubSect. b. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-12

13 η-rule for Products However, as for functions, we need to impose some restrictions, in order to avoid circularities: If t is of the form r 0,r 1, and if we allowed then the reduction t π 0 (t),π 1 (t), we would get the following circular reduction: t π 0 (t),π 1 (t) π 0 ( r 0,r 1 ),π 1 ( r 0,r 1 ) β r 0,r 1 t CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-13

14 η-rule for Products If t occurs in the form π i (t), and if we then allowed to expand t, we would get π i (t) π i ( π 0 (t),π 1 (t) ) and would get the following circular reduction: π i (t) π i ( π 0 (t),π 1 (t) ) β π i (t), All other terms can be expanded without obtaining a new redex. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-14

15 η-expansion for Products η-expansion for products is the rule which allows to replace in a typed λ-term t one subterm s : σ τ, which is not of the form r 0,r 1, and does not occur in the form π 0 (s) or π 1 (s) by π 0 (s),π 1 (s). η-expansion for the typed λ-calculus with products includes both η-expansion for functions and for pairs. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-15

16 Example Assume g : (o o) o. (λf (o o) o.λx o o.f x) g β λx o o.g x η λx o o.g π 0 (x),π 1 (x) λx o o.g π 0 (x),π 1 (x) is therefore the β,η-normal form of (λf (o o) o.λx o o.f x) g CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-16

17 Theorem The typed λ-calculus with products, β-reduction and with (or without) η-expansion is confluent and strongly normalising. We can introduce products as well for the untyped λ-calculus. Then we obtain a confluent (but of course non normalising) reduction system. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-17

18 η-rule With the η-rule we obtain now that if r : σ τ, then r = β,η π 0 (r),π 1 (r). If r : σ τ is of the form r 0,r 1 then we have r = β π 0 (r),π 1 (r) : π 0 (r),π 1 (r) π 0 ( r 0,r 1 ),π 1 ( r 0,r 1 ) β r 0,r 1 Otherwise r η π 0 (r),π 1 (r). Therefore, every element of a product type is of the form something 0, something 1. r Jump over Currying/Uncurrying CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (a) 4-18

19 (b) Currying In the λ-calculus with products, there are two versions of a function f taking an integer and a floating point number and returning a string: f 1 : (Int Float) String f 2 : Int Float String. We say that f 1 is in Uncurried form, and f 2 is in Curried form. The name Curry honours Haskell Curry. The application of these two functions to arguments x and y is written as f 1 x,y, f 2 x y. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (b) 4-19

Haskell Brooks Curry Haskell Brooks Curry (1900-1982) CS 336/CS M36

20 Haskell Brooks Curry Haskell Brooks Curry ( ) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (b) 4-20

21 Curried/Uncurried Functions The above generalises to functions with arbitrarily (but finitely) many arguments of different type. The Curried version of a function f with arguments of types σ 0,...,σ n 1 and result type ρ is of type σ 0 σ n 1 ρ. Its Uncurried version has type (σ 0 σ n 1 ) ρ. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (b) 4-21

22 Uncurrying From a Curried function we can obtain an Uncurried function. This is called Uncurrying. Example: Assume f : Int Float String. Then λx Int Float.f π 0 (x) π 1 (x) : (Int Float) String is the Uncurried form of f. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (b) 4-22

23 Currying From a Uncurried function we can obtain an Curried function. This is called Currying. Example: Assume Then f : (Int Float) String. λx Int.λy Float.f x,y : Int Float String is the Curried form of f. On the next 2 slides follows a treatment of the general case. Jump over general case. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (b) 4-23

24 Uncurrying We can obtain from the Curried form f Curry of a function its Uncurried form f Uncurry by f Uncurry = λx.f Curry π n 0(x) π n n 1(x) where π n i : (σ 0 σ n 1 ) σ i are the projections. One can as well define a λ-term Uncurry : (σ 0 σ n 1 ρ) (σ 0 σ n 1 ) ρ Uncurry := λf,x.f π n 0 (x) πn n 1 (x) s.t. Uncurry f Curry β f Uncurry. This transformation is called Uncurrying. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (b) 4-24

25 Currying We can obtain from the Uncurried form f Uncurry of a function its Curried form f Curry by f Curry = λx 0,...,x n 1.f Uncurry x 0,...,x n 1 Again we can define Curry : ((σ 0 σ n 1 ) ρ) σ 0 σ n 1 ρ Curry := λf,x 0,...,x n 1.f x 0,...,x n 1 s.t. Curry f Uncurry β f Curry. This transformation is called Currying. It is an easy exercise to show Curry (Uncurry f) = β,η f and Uncurry (Curry f) = β,η f. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (b) 4-25

26 (Un)Currying in Programming The Uncurried form of a function corresponds to the form functions are presented usually outside functional programming. There functions always need all arguments. 3+ is something which outside functional programming usually doesn t make much sense. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (b) 4-26

27 (Un)Currying in Programming In functional programming one often prefers the Curried form. This allows to apply a functional partially to its arguments. E.g. if we take _ + _ as usual in Curried form, then _ + _ 3 : Int Int is the function taking x and returning _ + _ 3 x which is 3 + x. Example: map (_ + _ 3) [1, 2, 3] = [4, 5, 6] If we apply the function increasing every x by 3 to the list [1, 2, 3], we obtain the result of incrementing each list element by 3, i.e. [4, 5, 6]. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (b) 4-27

28 (Un)Currying in Programming One often avoids in functional programming (and as well in Agda) the formation of products (or record types). Especially for intermediate calculations. The packing and unpacking of products makes programming often harder. E.g. instead of defining a function f : σ (ρ τ) it is often better to form two functions f 1 : σ ρ and f 2 : σ τ, (which are often defined simultaneously). Only, when delivering the final program, the use of products is often better, because the result is more compact. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (b) 4-28

29 (c) The Nondep. Product in Agda In Agda, there are two ways of defining the product. The first one represents the product as a record type. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-29

30 Records in Pascal In many languages there exists the notion of a Record type. In Pascal we can form for instance the type of Students Student = record begin StudentNumber : Integer; Name : String; end Elements of this type can be formed by determining their StudentNumber and Name. If x : Student, then x.studentnumber : Integer and x.name : String. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-30

31 Records in Java Records correspond in Java to classes with public fields, no methods, and a standard constructor. E.g. the class Student is defined as follows: class Student{ Integer StudentNumber; String Name; Student(Integer StudentNumber, String Name){ this.studentnumber = StudentNumber; this.name = Name } } CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-31

32 The Record Type in Agda Assume we have introduced A,B : Set Then we can introduce the record type record AB : Set where field a : A b : B CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-32

33 Name Clashes in the Record Type You are not allowed to use a and b, if the identifiers a and b have been introduced before. However, you can use the same record selector in different records. So n : N n = Z causes an error. record A : Set where field n : N CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-33

34 Name Clashes in the Record Type However record A : Set where field n : N record A : Set where field n : N N is accepted. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-34

35 Longer Records We can introduce longer records as well, e.g. record ABCD : Set where field a : A b : B c : C d : D CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-35

36 The Product as a Record Type Elements of a record type are introduced as follows: Assume we have a : A, b : B. Then we can introduce in the above situation ab : AB ab = record{a = a ;b = b } Note that, since a, b cannot be record selectors and separate identifiers at the same time, the ambiguous definition record{a = a;b = b} is not possible. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-36

37 The Product as a Record Type However, if we use let expressions, then we can obtain such an ambigous situation: ab : AB ab = let a : A a = a b : B b = b in record{a = a;b = b} We recommend to avoid such definitions. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-37

38 Projections If we have record AB : Set where field a : A b : B then Agda provides us with the following projection functions: AB.a : AB A AB.b : AB B CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-38

39 Projections If we define then we obtain ab : AB ab = record{a = a ;b = b } AB.a ab = a AB.b ab = b CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-39

40 Records with Dependencies We can define a generic product rprod A B depending on A : Set, B : Set (rprod stands for record-product): record rprod (A B : Set) where field first : A second : B The projections are denoted as follows: If ab : rprod A B, then rprod.first rprod.second ab : A ab : B CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-40

41 Hidden Arguments When we use rprod.first : rprod A B A it is not always clear, which sets A and B one is referring to. In fact A and B are hidden arguments of rprod.first. In case one needs to make them explicit, this can be done as follows: rprod.first { A } { B } ab stands for rprod.first applied to ab, where ab : rprod A B. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-41

42 Hidden Arguments We can make any argument of a function hidden. For instance id : {A : Set} A A id a = a defines the identity function, which for any set A and a : A returns a. This function is used in the form id a without adding the parameter A. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-42

43 Hidden Arguments If we want to make the hidden parameter A explicit we can do so by writing id { A } a CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-43

44 Hidden Arguments There is no deep theory about when arguments can be hidden or not. Any argument of a function can be declared to be hidden. If when type checking the code Agda cannot determine a hidden argument, then Agda will get unsolved hidden goals. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-44

45 Example Take the following code strange : {a : A} A strange {a} = a a : A a = strange Agda doesn t complain about the definition of strange. However, when checking the definition of a, it notices that it cannot figure out the hidden argument of strange. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-45

46 Example strange : {a : A} A strange {a} = a a : A a = strange It complains by Marking the word strange in yellow. Displaying a hidden goal in the buffer All Goals _184 : A [ at /home/csetzerlocal/test.agda:166,7-14 ] This means that for the missing hidden argument of strange a hidden goal has been introduced, which is of type A, and the position (line 166, column 7-14) is displayed. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-46

47 The Product using data The second version of the product uses the more general data construct for defining so called algebraic types. With this construction we are leaving the so called logical framework. λ-terms and the record type form the logical framework, the basic types of Agda and of Martin-Löf type theory. The data-construct allows to introduce user-defined types. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-47

48 The Product using data The data -product is introduced as follows (dprod stands for data-product): data dprod (A B : Set) : Set where p : A B dprod A B Here dprod A B depends on two sets A, B. p is the constructor of this set. The name (here p) is up to the user, we could have used any other valid Agda identifier. The idea is: The elements of Prod are exactly the terms p a b where a : A and b : B. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-48

49 Pattern Matching In order to decompose an element of dprod A B in Agda, we can use pattern matching. This is best explained by an example. We postulate A,B : Set, and abbreviate dprod A B as AB: postulate A : Set postulate B : Set AB : Set AB = dprod A B CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-49

50 Pattern Matching postulate A : Set postulate B : Set AB : Set AB = dprod A B Assume we want to define the first projection s.t. proj0 : AB A, proj0 (p a b) = a This can be defined as follows: proj0 : AB A, proj0 (p a b) = a CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-50

51 Pattern Matching postulate A : Set postulate B : Set AB : Set AB = dprod A B The second projection can be defined similarly: proj1 : AB B, proj1 (p a b) = b Note the parentheses around (p a b): proj1 p a b = b would read: proj1 applied to a variable p, a variable a and a variable b is equal to b. This causes an error, because proj1 only allows one argument. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-51

52 Deep Pattern Matching postulate A : Set postulate B : Set AB : Set AB = dprod A B Deeper pattern matching is as well possible: An element of dprod (dprod A B) B is of the form where a : A, b,b : B. We can define p (p a b ) b f : dprod (dprod A B) B A f (p (p a b) b ) = a CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-52

53 Deep Pattern Matching We are not allowed to use the same variable twice in a pattern (unless specially flagged flagged repeated variables occur only in advanced data types like the identity type). So causes an error. f : dprod (dprod A B) B A f (p (p a b) b) = a CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-53

54 Coverage Checker The coverage checker of Agda will make sure that the patterns cover all possible cases. So f : N N f Z = Z will not pass the coverage checker, because f (S n) is not defined. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-54

55 Hidden Arguments in dprod p in data dprod (A B : Set) : Set where p : A B dprod A B has hidden arguments {A : Set} and {B : Set}. In case one needs to make them explict, one can do so: c : dprod A B c = p {A} {B} a b CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-55

56 Hidden Arguments in dprod If one wants to mention the first hidden argument, but not the second one, one simply omits the second one: c : dprod A B c = p {A} a b The following syntax allows to omit the first hidden argument, but to mention the second one: c : dprod A B c = p {_} {B} a b In general, variables which are not used later can be written as _. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-56

57 Decomposing Record Type Let D : Set D = rprod (dprod A B) C Assume we want to define f : D A which projects an element of D to the component A. Pattern matching is not possible for record types. What we can do is to use the with -construct f : D A f d with rprod.first d f d p a b = a CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-57

58 Decomposing Record Type f : D A f d with rprod.first d f d p a b = a The above reads as follows: We define f d by looking at rprod.first d. We look at what happens when rprod.first d = p a b. In this case we define f d as a. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-58

59 Longer Example As an example we want to define in Agda, depending on A,B,C,D : Set, ab : A B a-c : A C, b-d : B D an element f ab a-c b-d : C D. This means that f is a function which takes arguments a-c, b-d and ab as above and returns an element of C D. Therefore f : (A B) (A C) (B D) (C D) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-59

60 Longer Example A,B,C,D : Set will be global assumptions (represented in Agda by postulates). So we have the following Agda code: postulate A : Set postulate B : Set postulate C : Set postulate D : Set CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-60

61 Longer Example Let AB and CD be names for A B and C D, respectively. Then we obtain the following code: record AB : Set where field a : A b : B record CD : Set where field c : C d : D CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-61

62 Longer Example The goal to be solved is as follows: f : (A C) (B D) AB CD f a-c b-d ab = {!!} CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-62

63 Longer Example The idea for this function is as follows: We first project ab : A B to elements a : A, b : B. Then we apply a-c : A C to a : A and obtain an element And we apply c : C. b-d : B D to b : B and obtain an element d : D. Finally we form the pair b,d. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-63

64 Longer Example A diagram is as follows: ab:a B A B π 0 π 1 a:a b:b a-c b-d a-c f a-c b-d b-d c :C d :D, c,d :C D C D We will use let-expressions in order to compute the intermediate values a, b, c, d. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-64

65 Agda Code for the Above f : (A C)(B D) AB CD f a-c b-d ab = let a : A a = AB.a ab b : B b = AB.b ab c : C c = a-c a d : D c = b-d b in record{c = c ;d = d } See exampleletexpressionrecord.agda. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-65

66 Remark on Previous Code In the previous code we used in the let expression variables c and d instead of c and d. This is to avoid the ambiguity in record{c = c;d = d} Agda will interpret this example as intended, but it is not clear whether this will be always the case. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-66

67 Concrete Products When using the data-construct, it is often more convenient to introduce concrete products in a more direct way. Example: Assume we have defined a set Gender of genders, a set Name of names. The set of persons, given by a gender and a name, can then be defined as data Person : Set where person : Gender Name Person CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-67

68 Concrete Products Then one can define customized projections using pattern matching, e.g. gender : Person Gender gender (person g n) = g CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (c) 4-68

69 (d) Logic with Conjunction Constructive Meaning of A B is true, if A is true and B is true. Therefore a proof p : A B consists of a proof a : A and a proof b : B. So such a proof is a pair a,b s.t. a : A and b : B. Therefore A B is just the product A B of A and B. We can identify A B with A B. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-69

70 Conjunction in Agda Conjunction is represented as a product. There are two products in Agda, therefore as well two ways of representing conjunction: One using the record type: record _ r_ (A B : Set) : Set where field and1 : A and2 : B The symbol can be introduced by typing in \wedge. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-70

71 Conjunction in Agda And one using the product formed using data. We use a more meaningful name for the constructor: data _ d_ (A B : Set) : Set where and : A B A d B See exampleproofproplogic3.agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-71

72 Typing in Special Symbols Typing in the special symbols (using the Emacs-package mule ) can be cumbersome. A more convenient way is to use the abbreviation mode: To activate the abbreviation mode, use under emacs M-x abbrev-mode Then one can let an arbitrary sequence of characters to be automatically replaced by an abbreviation. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-72

73 Typing in Special Symbols For instance if we want andd to expand to we do the following: We type in andd. We use the emacs command C-x ail We type in the mini buffer our intended expansion, namely (typed in as \wedge ). Now whenever we type in a space-like character (blanks and some punctuations) followed by andd followed by a space-like character, then andd is replaced by. You can edit the abbreviations you have defined by using M-x edit-abbrevs (when finished use C-c C-c in order to activate your definitions). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-73

74 Abbreviation Mode You can prevent the expansion of an an abbreviation by using C-q before adding any space-like character after andd. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-74

75 Customising Agda with Abbreviatio In order to load previous abbreviations and save the when exiting Agda you should add the following to your.emacs file: (read-abbrev-file " /.abbrev_defs") However, for this to work you need first to create a file /.abbrev_defs This is done by following the steps on the next slide CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-75

76 Customising Agda with Abbreviatio The creation of a file /.abbrev_defs is done as follows (the steps need to be carried out only once): Define at least one abbreviation as above (you can change this abbreviation later by using M-x edit-abbrevs. For instance you can just type in fooo, type in C-x ail, and then type in the Mini-buffer foo, so that fooo is expanded to foo. Then execute M-x write-abbrev-file, and when asked for a file name, enter in the mini-buffer /.abbrev_defs Now execute M-x read-abbrev-file, and when asked for a file name, enter in the mini-buffer /.abbrev_defs CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-75a

77 Customising Agda with Abbreviatio If you now create a new abbreviation, and run C-x s which is the command for saving all buffers, it will ask as well whether you want to save the abbreviation file. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-75b

78 Customising Agda with Abbreviatio In order to activate the abbreviation mode, whenever one enters an Agda file, add in your.emacs file after the line (load " /emacs/agdainstall") the following (add-hook agda2-mode-hook (lambda nil (abbrev-mode 1))) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-75c

79 Example On the computer A A A and A B A will now be shown in Agda using both versions of. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-76

80 Example (Conjunction) We prove A B B A (see exampleproofproplogic6.agda): Lemma : Set Lemma = A r B B r A lemma : Lemma lemma ab = record{and1 = _ r_.and2 ab; and2 = _ r_.and1 ab} CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-77

81 Example (Conjunction) Lemma : Set Lemma = A d B B d A lemma : Lemma lemma (and a b) = and b a CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-78

82 Conjunction with more Conjuncts If one has a conjunction with more than two conjuncts, e.g. A B C, one can always express it using the binary : As (A r B) r C or A r (B r C). If one adds infixl 30 _ r_ one can write for A r B r C (A r B) r C CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-79

83 Conjunction with more Conjuncts Especially when using the record version of it is more convenient to use a ternary version of conjunction (using one of the two versions of the product). Similarly one can introduce conjunctions of 4 or more conjuncts. Definition of the ternary and using a record: record And3r (A B C : Set) : Set where field and1 : A and2 : B and3 : C CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-80

84 Conjunction with more Conjuncts Definition of the ternary and using data : data And3d (A B C : Set) : Set where and3d : A B C And3d A B C See exampleproofproplogic5.agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (d) 4-81

85 (e) The λ-calc. and Term Rewriting One can combine the λ-calculus with term writing. This means that we have apart from the rules of the typed or untyped λ-calculus additional rules like x + 0 x. Then we obtain for instance λy.λz.y + 0 λy.λz.y. More details are given on the following slides, but will not be treated in this lecture. Jump over rest of this section. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-82

86 λ-calculus and Term Rewriting Consider the λ-calculus with terms using additional constants. Assume some term rewriting rules as before (which might involve some λ-terms). As in case of ordinary term rewriting, we form instantiations of the rules by replacing variables by arbitrary λ-terms (in the extended language). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-83

87 λ-calculus and Term Rewriting Then s t, if s β-reduces (or η-expands, if one allows the η-rule) to t or there exists an instantiation s t s.t. s is a subterm of s and t is the result of replacing this subterm in s by t. s is called as usual a redex of s. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-84

88 λ-calculus and Term Rewriting Assume for instance the rule Then we have double λx.x + x (λf.λx.f (f x)) double λx. double (double x) λx. double ((λx.x + x) x) λx. double (x + x) λx. (λx.x + x) (x + x) λx. (x + x) + (x + x) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-85

89 What does Subterm Mean? When referring to ordinary term rewriting rules, then for a term t to have subterm s meant essentially that there is a term t in which a new variable x occurs exactly once, and t = t [x := s]. Replacing this subterm by s means that we replace t by t [x := s ]. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-86

90 What does Subterm Mean? When referring to λ-terms, this is no longer the case: Assume for instance the rewrite rule x + 0 Rule x. λx.x + 0 has subterm x + 0, but there is no term t s.t. λx.x + 0 = t[y := x + 0]: If we substitute for instance in λx.y y by x + 0 we obtain λz.x + 0. The reason is that when matching a rewrite rule, free variables in the instantiation of the rule used might become bound. So we can apply x + 0 Rule x to λx.x + 0 and have therefore λx.x + 0 λx.x. Replacing a subterm by another subterm is to be understood verbally. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-87

91 Higher Order Rewrite Systems The full definition of so called higher order term rewriting systems imposes more restrictions on the reduction rules. For our purposes the naive interpretation just presented suffices. Jump over next part. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-88

92 Reduction to Closed Terms One can always replace term rewriting rules for the λ-calculus by one in which for all rules s Rule t we have that s,t are closed. This can be done in such a way that equality (modulo the rewriting rules, β and possibly η) in both systems coincide: Assume a rule s Rule t and let x 1,...,x n be the free variables in s. Then replace this rule by λx 1,...,x n.s Rule λx 1,...,x n.t. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-89

93 Proof We write in the following x for x 1,...,x n. Assume a term r reduces using this rule in the original system to a term u: Then r contains a subterm of the form s where s is the result of substituting in s x i by some terms t i. Let t be the result of substituting in t x i by t i. Then u is the result of replacing s in r by t. Let then r be the result of replacing s by (λ x.s) t 1 t n, and u be the result of replacing in s s by (λ x.t) t 1 t n. Then we have r = β r Rule u = β u, so the reduction can be simulated in the second system. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-90

94 Proof On the other hand, if r u by using in the second system the rule λ x.s Rule λ x.t, then r u in the previous system by using the rule s Rule t r contains a subterm equal to λ x.s and u is the result of substituting this subterm in r by λ x.t. But then r contains the subterm s and t is the result of substituting this subterm in r by t. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-91

95 Example We can replace the rewriting rules x + 0 x x + S y S (x + y) by λx.x + 0 λx.x λx,y.x + S y λx,y.s (x + y) That S (0 + S 0) S (S (0 + 0)) S (S 0) becomes in the new system S (0 + S 0) = β S ((λx,y.x + S y) 0 0) S ((λx,y.s(x + y)) 0 0) = β S (S (0 + 0)) = β S (S ((λx.x + 0) 0)) S (S ((λx.x) 0)) = β S (S 0) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-92

96 Extended Typed λ-calculus Finally, we can combine the typed λ-calculus (with or without products, with or without η-expansion) with term rewriting rules. Essentially this means that we have additional constants with types and reduction rules for them. The details (which are given on the following slides) will not be treated in the lecture itself. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-93

97 Extended Typed λ-calculus For introducing the new rewrite rules, we have to make the following modifications: We assign a type to each additional constant. The set of typed λ-terms is then introduced by the same rules as before, but we have as additional rule: If c is a constant of type σ, then we have Γ c : σ CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-94

98 Example Assuming _ + _ : nat nat nat and writing as usual r + s for _ + _ r s we have the following derivation of λx nat.x + x : nat nat: x:nat _+_:nat nat nat x:nat x:nat (Ap) x:nat _+_ x:nat nat x:nat x:nat (Ap) x : nat _ + _ x x : nat (Abs) (λx nat.x + x) : nat nat The left most leaf in this derivation follows by the rule for the constant _ + _. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-95

99 Example Then we have (λf nat nat.λx nat.f (f x)) double λx nat. double (double x) λx nat. double ((λx nat.x + x) x) λx nat. double (x + x) λx nat. (λx nat.x + x) (x + x) λx nat. (x + x) + (x + x) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-96

100 Extended Typed λ-calculus Reduction rules should now be of the form Γ s Rule t : σ (instead of s Rule t) where we have Γ s : σ and Γ t : σ. As before, s shouldn t be a variable, and all variables in t should occur in s. Best guaranteed by demanding that all variables in Γ occur free in s. One usually omits Γ, σ, if it is clear from the context. Very often, the reduction rules will be of the form c Rule t : σ where c is a constant and therefore t a closed term. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-97

101 Extended Typed λ-calculus Instantiations of a rule Γ s Rule t : σ are now obtained by replacing variables x of type τ by terms r : τ (possibly depending on some context ). Reductions w.r.t. the rules are obtained by replacing subterms r : σ, which coincide with the left hand side of an instantiation of a rule r r : σ by the right hand side r. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-98

102 Example Assume ground type nat, constants _ + _ : nat nat nat (written infix, i.e. r + s for _ + _ r s), and double : nat nat. and the reduction rule double (λx nat.x + x) : nat nat. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-99

103 Example Then we have (λf nat nat.λx nat.f (f x)) double λx nat. double (double x) λx nat. double ((λx.x + x) x) λx nat. double (x + x) λx nat. (λx.x + x) (x + x) λx nat. (x + x) + (x + x) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (e) 4-100

104 (f) Finite Sets and Decidable Formul We want to add types containing finitely many elements to the λ-calculus. We treat first the special case Bool (finite set with 2 elements) and then generalise this to general finite sets. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-101

105 The Type of Booleans We add a new type Bool to the set of ground types. We add constants tt : Bool, ff : Bool. Here tt stands for true, ff for false. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-102

106 Case σ Bool Furthermore we add the principle of case distinction to the λ-calculus extended by Bool: Assume we have a type σ and case tt : σ case ff : σ Then we want to have that And we want that Case σ Bool case tt case ff : Bool σ Case σ Bool case tt case ff tt = case tt Case σ Bool case tt case ff ff = case ff CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-103

107 If then else Case σ Bool case tt case ff tt = case tt Case σ Bool case tt case ff ff = case ff Case σ Bool case tt case ff b corresponds to If b then case tt else case ff : In case b = tt, the if-then-else-term should be equal to case tt, as it is the case for Case σ Bool case tt case ff b. In case b = ff, the if-then-else-term should be equal to case ff, as it is the case for Case σ Bool case tt case ff b. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-104

108 Type of Case σ Bool We don t need to have a complex rule for forming Case σ Bool case tt case ff. All we need to do is add a constant Case σ Bool Case σ Bool : σ σ Bool σ of type Then it follows that, whenever case tt : σ and case ff : σ, then Case σ Bool case tt case ff : Bool σ : The equalities are achieved by adding reductions Case σ Bool case tt case ff tt Case σ Bool case tt case ff ff case tt case ff CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-105

109 Example: Boolean Conjunction We define Boolean valued conjunction _ Bool _ : Bool Bool Bool. We write _ Bool _ for function symbol, Bool for the symbol, written infix, so b Bool c stands for _ Bool _ b c. Note that this will be an operation on Booleans. Above we introduced the operation on formulae, which takes two formulae A and B and forms the formula A B. b Bool c will form the Boolean value corresponding to the conjunction of b and c. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-106

110 Truth Table for Bool Bool has the following truth table: Bool ff tt ff tt ff ff ff tt So we have ff Bool b = ff tt Bool b = b CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-107

111 Example: Bool Below we will see how to define for every Boolean value b : Bool a formula Atom b corresponding to this value. Then one can show that (Atom b) (Atom c) is equivalent to Atom (b Bool c). This means that b Bool c is true iff b is true and c is true. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-108

112 Example: Bool _ Bool _ : Bool Bool Bool. _ Bool _ will be introduced by λ-abstraction, so we get for some term t. _ Bool _ = λ(b,c : Bool).t t will be defined by case distinction on b, and have result Bool, so we get for some e,f. _ Bool _ = λ(b,c : Bool).Case Bool Bool e f b CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-109

113 Example: Bool _ Bool _ = λ(b,c : Bool).Case Bool Bool e f b For conjunction we have: We have seen that tt Bool c = c So the if-case e above is c. Furthermore ff Bool c = ff So the else-case f above is ff. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-110

114 Example: Bool In total we define therefore _ Bool _ = λ(b,c : Bool).Case Bool Bool c ff b : Bool Bool Bool We verify the correctness of this definition: tt Bool c = _ Bool _ tt c = Case Bool Bool c ff tt = c. as desired. ff Bool c = _ Bool _ ff c = Case Bool Bool c ff ff = ff. Correct as desired. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-111

115 The Finite Sets Bool can be generalised to sets having n elements (n a fixed natural number): We add for every n N a new ground type Fin n. We add for every k N s.t. k < n a new constant A n k : Fin n Informally we will have have Fin n = {A n 0, A n 1,...,A n n 1} especially in the cases n = 2, 1, 0 we have Fin 2 = {A 2 0, A2 1 } Fin 1 = {A 1 0 } Fin 0 = CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-112

116 The Finite Sets We have not made use of dependent types yet. n, k are external natural numbers. So we have for each n added one type Fin n to the calculus. We have for each n and k < n added one constant A n k to the calculus. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-113

117 Rules for Fin n We add the principle of case distinction on Fin n : Assume n N, a type σ, and case i : σ for i = 0,...,n 1. Then we want Case σ n case 0 case n 1 : Fin n σ And we want Case σ n case 0 case n 1 A n i = case i CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-114

118 Constants Case σ n As for Bool, this can be achieved by having constants Case σ n : σ σ }{{} n times Fin n σ Then from case i : σ we obtain Case σ n case 0 case n 1 : Fin n σ Furthermore we add the reduction rules Case σ n case 0 case n 1 A n i case i CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-115

119 Equality on Fin n We can now define the Boolean valued function which determines for two elements of Fin n, whether they are equal: Define Eq n,bool : Fin n Fin n Bool s.t. Eq n,bool A i n A i n = tt Eq n,bool A i n A j n = ff for i j Eq n,bool can be defined easily (for fixed n) by case distinction on its two arguments. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-116

120 Special Case Bool Bool can now be treated as the special case with n = 2: Fin n Bool := Fin 2 tt := A 2 0 : Bool ff := A 2 1 : Bool Case σ Bool := Case σ 2 : σ σ Bool σ CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-117

121 Rules for (pronounced top ) is the special case for n = 1 (we write true for A 1 0 ): Fin n So we have a type := Fin 1, true := A 1 0 :, Case σ := Caseσ 1 : σ σ. case σ a true a. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-118

122 as the True Formula Above we have seen that formulae can be identified with types for a formula to be true means to have an element of its type. has exactly one proof, and corresponds therefore to the always always true formula. That s why we call the element true, since it is the proof of the always true formula. Example: we have λx A.true : A CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-119

123 Rules for (pronounced bottom ) is the special case for n = 0: := Fin 0. Fin n has no element (Fin n has no element). Case distinction on Fin 0 is empty the number of cases is 0, so we get the empty case distinction. This means that we have Case σ : σ We have no reduction rules. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-120

124 has no elements. It is the formula, which is always false, since it has no proofs. Often called falsum or absurdity. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-121

125 Case σ expresses: from an element f of we obtain an element of any set. Correct, since there is no element of. Considered as a formula, Case σ means: from a proof of we obtain a proof of every other formula. I.e. it means implies everything. In logic this principle is called Ex falsum quodlibet (from the absurdity follows anything). E.g. A false formula like 0 = 1 or Swansea lies in Germany implies everything. For any formula A we have a proof of A: Case A : A. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-122

126 Negation The negation A of a formula A is true, iff A is false iff there is no proof of A. Now we can show that there is no proof of A iff A is true: If there is no proof of A, then from every proof of A we can obtain a proof of (since there is no proof of A); therefore A is true. On the other hand, if we A is true, i.e. has a proof, then there cannot be any proof of A, because from it we could get a proof of, which is the empty set. Therefore A is true iff A is true. Therefore we can identify A with A. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (f) 4-123

127 (g) Fin. Sets/Decid. Formul. in Agda We introduce Bool by listing its constructors data Bool : Set where tt : Bool ff : Bool CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (g) 4-124

128 Pattern Matching We can use pattern matching in order to make case distinction on an argument of type Bool: Assume we want to define Bool : Bool Bool Bool tt = ff Bool ff = tt The above is already the Agda code defining Bool. examplenegbool.agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (g) 4-125

129 Finite Sets in Agda Finite sets can be introduced by giving one constructor for each element. E.g. data Colour : Set where blue : Colour red : Colour green : Colour CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (g) 4-126

130 Finite Sets in Agda Case distinction on finite sets in Agda can be done using pattern matching. In the Colour example above for instance, we can define is red : Colour Bool is red red = tt is red _ = ff The above has an overlapping case distinction: the line is red _ = ff matches is red red. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (g) 4-127

131 Finite Sets in Agda is red : Colour Bool is red red = tt is red _ = ff The convention is that if there are overlapping patterns, then the first pattern is the one which is used. So is red red will be computed by having the first pattern, we get is red red = tt is red blue and is red green are computed using the second pattern, we get is red blue = is red green = ff CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (g) 4-128

132 in Agda The definition of in Agda is straightforward: data : Set where true : We can define a function having an argument in by using pattern matching: g : Bool q true = tt CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (g) 4-129

133 in Agda Alternatively, we can define in Agda as the empty record (note that there is no keyword field): record : Set where Then the element true of is defined as follows true : true = record{ } Agda has a builtin η-rule, which says that every x : is equal to record{ }. exampletrue.agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (g) 4-130

134 in Agda can be defined as the data -set with no constructors: If we want to define data : Set where g : Bool by pattern matching, we see that there is no element in, so there is no constructor case matching g x. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (g) 4-131

135 in Agda We need to communicate this to Agda (this is needed in order to obtain decidability of pattern matching) by having the following code: g : Bool g () The code g () means: the argument at the position () is an element which matches no pattern, so this case is solved. examplefalse.agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (g) 4-132

136 in Agda Above we have shown why we can define A as A. Therefore negation can be defined in Agda as follows: : Set Set A = A CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (g) 4-133

137 Example for the Use of Assume the type of trees: We can now define data Tree : Set where oak : Tree pine : Tree spruce : Tree IsConifer : Tree Set IsConifer oak = IsConifer _ = So IsConifer x is the false formula, if x = oak, and the true formula otherwise. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2008, Sec. 4 (g) 4-134

CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving

CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving Course Notes Lent Term Term 2008 Sect. 4 The λ-calculus with Products and Conjunction Anton Setzer Dept. of Computer Science, Swansea University