introduction to agda

Introduction to Agda

2009.4. 24CVS/AIST

Yoshiki Kinoshita, Yoriyuki Yamagata

2

Agenda• On Agda• Agda as a programming language• Agda as a proof system• Further information.

3

Agenda• On Agda• Agda as a programming language• Agda as a proof system• Further information.

4

A Bit of HistoryDevelopment of Agda started at Chalmers University of Technology

(Göteborg, SW) in 1990’sDevelopers include: Catarina Coquand, Lennart Augustsson, Thierry

Coquand, Makoto Takeyama, Marcin Benke, Thomas HallgrenCf. ALF, Alfa etc、tradition of theorem provers based on constructive type

theory at Göteborg.CVS/AIST started to contribute in 2003

plug-in, application to industryCf. Makoto’s move to AIST in 2003.

Agda Implementers Meeting (AIM)twice a year, alternatively at Göteborg and Senri

Agda2Reimplementation from scratch in 2006, with a third (fouth? Fifth?) major

language change → old Agda system is now called `Agda1’Ulf Norell, Catarina Coquand, Makoto Takeyama, Nils Anders Danielsson,

Andreas Abel, Karl Mehltretter, Marcin Benke

5

Principles of Agda

• Martin-Löf’s constructive type theory;Curry-Howard correspondence

term : type proof : proposition– Functional programming language with

dependent typesTerms as programs; compiler / interpreter

– Proof systemTerms as proofs; proof assistant

6

Features of Agda• Language

– Dependent typesDatatypes, inductively defined typesRecord types

– Definitional equalities– Module– Unicode

• System– Structural editor, always showing proof terms

Cf. Coq and Isabelle: script based– Compiler / Interpreter

Compiling to Haskell– Meta variables

Place holders to be Instantiated by concrete terms later.

7

Comparison with Coq• Agda language is based on predicative

type theory,i.e., the collection of all types is not a type.Coq language is based on impredicative type

theory.• Agda system is a structural editor, always

showing the types and terms as it is.Coq system accepts the script of how to

construct types and terms; types and terms are displayed at any time upon request.

8

Agenda• On Agda• Agda as a programming language• Agda as a proof system• Further information.

9

Agda as a programming language

• Types – data … (datatypes, inductively defined types)– record … (record types, dependent tuples)

• Definitional equalitiesIntroduction of constants, including functions.

• Modules → record type

10

Agda as a programming language

• Types – data … (datatypes, inductively defined types)– record … (record types, dependent tuples)

• Definitional equalitiesIntroduction of constants, including functions.

• Modules → record type

11

Types in Agda

• Agda has only one predefined type : SetSet is meant to be “the type of all types”; only Set is not a member of itself. cumulative hierarchy of types.

• There are two mechanisms of introducing a new type:– data …, which introduces datatypes, and– record …, which introduces record types.

12

Datatypes• In principle, data

declaration enumerates all values.E.g.： Bool typetrue and false are the

two values of the type Bool; and there are no other values.

They are constructors of the type Bool.

data Bool : Set where

true : Bool

false : Bool

13

Recursively defined data typedata Boolwith⊥ : Set wherebool : Bool -> Boolwith⊥⊥ : Boolwith⊥

• Constructors may take arguments.Cf. Boolwith⊥

• Identifier is a sequence of unicodecharacters e.g. true: Bool

would be parsed as two identifiers: true:and Bool.

14

Inductively defined data type• The type of the arguments may

be the very type being introduced (2.)

Circular argument!• Agda knows, fortunately, the

cases where such circularity does not lead to an infinite loop of argument

Inductively defined types– Agda’s judgement, however, is

false positive; there are well-definitions which Agda rejects.

• zero is a value of Nat• If n is a value of Nat, then

succ n is a value of Nat, too.

data Nat : Set wherezero : Natsucc : Nat -> Nat

15

Lexical Convention• Indentation and new

line are significant to Agda’s parser.

• mixfix (infix, postfix) notationIn 5., ′ is declared to be

a postfix operator_ indicates the place

where the actual argument is to be placed

1. data Nat : Set wherezero : Natsucc : Nat -> Nat

2. data Nat : Set wherezero : Natsucc : Nat -> Nat

3. data Nat : Set wherezero : Nat succ : Nat ->

Nat

4. data Nat : Set wherezero : Nat ; succ : Nat -> Nat

5. data Nat : Set where０ : Nat_ ′ : Nat -> Nat

Indentationrequired

New linerequired

Semicolon instead of new line

16

Parameterized data type • Finite list of values of

type A• For any given type A,

– [] is of the type List A

– If a is of type A and as is of type List A, then a :: as is of type List A._::_ shows :: is an

infix operator

data List (A : Set) : Setwhere

[] : List A_::_ : A ->

List A ->List A

17

Dependent type• Array : list of specific lentgh.

An example of types dependent to a value.

• Array A nsignifies type of array with elements of type A and length n

• * is the only value of the typeArray A 0

• cons n a x adds x to an array a of length n

• The type of 4th argument of consis Array A n; it depends on Aand n. ∴We must name the 1st and 2nd

argument A and n for later reference.

data Array (A : Set) :

Nat -> Set where* : Array A ０cons : (n : Nat) ->

A ->Array A n –>Array A (n ′)

18

Implicit argument• Constructors of Array are typed

like this.• The type of * would be

* : (A : Set) -> Array A ０

∵ For each type A, * is of type Array A ０.

– To associate the type to *everywhere is a tedeous work!

– Moreover, the type can be inferred from context for the many cases.

• {A : Set} means that a parameter of type Set is to be applied here, but the system infers its value from the context.

* : {A : Set} ->Array A ０

cons : {A : Set} ->(n : Nat) ->A ->Array A n ->Array A (n ′)

19

Implicit argument• This new declaration of Array

makes even n to be inferred from the context.Write {n : Nat} instead of (n : Nat) so that, we can omit the real argument.

• In order to give an implicit actual parameter explicitly, one encloses it by { },e.g., * {Nat} for the nil value

of Array Nat ０

data Array (A : Set) :Nat -> Set where

* : Array A ０cons : (n : Nat) ->

A ->Array A n ->Array A (n ′)

data Array (A : Set) : Nat -> Set where

*: Array A ０cons : {n : Nat} ->

A ->Array A n ->Array A (n ′)

20

(Non-dependent) sums are datatypesdata _+_ (A B : Set) : Set where

ι1 : A -> A + Bι2 : B -> A + B

[_,_] : {A B C : Set} ->(f : A -> C) ->(g : B -> C) ->A + B -> C

[ f , g ] (ι1 a) = f a[ f , g ] (ι2 b) = f b

Sum types can be introduced as datatypes.Dependent sums are

different; they are record types!

Injections correspond to constructors ι1 and ι2.

The inclusion function[ f , g ] may be introduced using pattern matching.

ι2ι1A + BA B

C

f g[ f , g ]

21

Agda as a programming language

• Types – data … (datatypes, inductively defined types)– record … (record types, dependent tuples)

• Definitional equalitiesIntroduction of constants, including functions.

• Modules → record type

22

Record Types• Record types provides a way to

bundle several values of different types (tupling).

Cf. Dependent sums in type theory, products in category theory.

• The values of type BN are pairs of a value of Bool and a value of Nat. Such pairs are given in the form

record { f1 = b ; f2 = n }as in 2. This form is not a first cass object; can appear only at the top level of the left hand side of value declaration.

• f1 and f2 are field names.One can extract components of tuples by field names (selector, projection)

Declaration 1. implies definitions of BN.f1 and BN.f2 in 2.

1. record BN : Set wherefieldf1 : Boolf2 : Nat

2. c : Bool -> Nat -> BNc b n =

record { f1 = b ;f2 = n }

3. BN.f1 : BN -> BoolBN.f2 : BN -> Nat

23

Dependent Record Types• Type of a field can

depend on the value of previous fields.

• Example: pairs of a natural number n and Boolean array of length n (1.).– The type of the second

field array of ifdependson length

– Types of selectors are shown in 2.

1. record VR : Set wherefieldlength : Natarray :Array Bool length

2. VR.length : VR -> NatVR.array :(r : VR) ->Array Bool (VR.length r)

24

Parameterized Record Type• Record type can take

a type parameter.• Example: 1.

Types of selectors is described in 2.

• Type parameter X become an implicit argument of selectors.

1. record PVR (X : Set) : Setwherefieldlength : Natarray : Array X length

2. PVR.length :{X : Set} -> PVR X -> NatPVR.array :{X : Set} ->(r : PVR X) ->Array X (PVR.length r)

25

Tupling and Record types

A × BA Bp1 p2

C

f g[ f , g ]

record _×_ (A B : Set) : Set wherefield

π1 : Aπ2 : B

p1 : {A B : Set} -> A × B -> Ap1 {A} {B} = _×_.π1 A Bp2 : {A B : Set} -> A × B -> Ap2 {A} {B} = _×_.π2 A B[_,_] : {A B C : Set} ->(f : C -> A) -> (g : C -> B) ->C -> A × B

[ f , g ] c =record { π1 = f c ; π2 = g c }

Projections = selectors.Pairing using record construct.

Dependent sum (dependent pairs):

record Σ(A : Set) (B : A -> Set) : Setwherefieldpi1 : Api2 : B pi1

26

Agda as a programming language

• Types – data … (datatypes, inductively defined types)– record … (record types, dependent tuples)

• Definitional equalitiesIntroduction of constants, including functions.

• Modules → record types

27

Function Declaration• Function declaration

consists of1. type specification and2. value definition via

patten matching. (1.)• Infix/mixfix operator

Cf. mixfix constructors. (2.)• Wildcard is available in

pattern matching (2.).• Functional abstraction is

written as in 3., which corresponds to (λx : Nat) x; they are used as first class object (i.e., as a usual term).

1. add : Nat -> Nat -> Natadd n ０ = nadd n (m ′) = (add n m)′

2. _==_ :Nat -> Nat -> Bool

０ == ０ = truezero == _ ′ = falsem ′ == ０ = falsem ′ == n ′ = m == n

3. ¥ (x : Nat) -> x

28

Function Declaration• By means of implicit

type parameters, if-then-else (1.) and Array map (2.) can be defined nicely.

1. if_then_else_fi :

{X : Set} ->

Bool -> X -> X -> X

if true then a else _ fi = a

if false then _ else b fi = b

2. ArrayMap :

{X Y : Set} -> {n : Nat} ->(X -> Y) -> Array X n ->

Array Y n

ArrayMap f * = *ArrayMap f (x ^ xs) = (f x) ^

(ArrayMap f xs)

29

Agenda• On Agda• Agda as a programming language• Agda as a proof system• Further information.

30

Two ways of embedding a logic• Shallow embedding

Embedding using the Curry-Howard correspondenceFormulae as sets (elements of Set) of their proofs∴ Inductive definition by the construction off formulae is not

possible.

Substitution and reduction are Agda’s.• Deep embedding

The type of formulae is defined inductively by Agda∴Inductive definition by the construction of formulae is

possible.

31

Shallow Embeddingof First Order Predicate Logic

• Proposition as a set of proofsAgda’s semantics naturally leads to Intuitionistic

logic• Shallow Embedding

Proposition set of all its proofs (proof figures).Proof introduced for each proposition.

32

Shallow Embeddingof First Order Predicate Logic

• Each logical connective is introduced by four kinds of rules (Martin-Löf)1. Formation rule, which shows how a (complex) proposition is

derived from (simpler) propositions by means of the logical connective.

2. Introduction rule, which shows how a proof of the (complex) proposition with the connective is derived from proofs of the (simpler) proposition.

3. Elimination rule, which shows how a proof of the (simpler) proposition could be derived from a proof of the (complex) proposition.

4. Conversion, which shows the equivalence between proofs.For each logical connective, we shall give corresponding

Agda construction, in the form of three kinds of rules (1.-3.) above.

33

⊥ (absurdity)Absurdity is a proposition

with no proof i.e. Empty Set

1. Formation rule⊥ is a proposition.

2. Introduction rule No constructor for ⊥∴no proof for proposition

3. Elimination ruleFor any proposition P,

Elim takes a proof of ⊥and returns a proof of P.

() matches when there is no constructor in the type

1. data ⊥ : Set where

2. ⊥Elim :{P : Prop} ->⊥ ->P

⊥Elim ()

34

∧ (conjunction)1.Formation rule

If P and Q are propositions, P ∧Q is a proposition.

∧ is defined as a parameterized record

2.Introduction ruleFunction ∧Intro

takes a proof of Pand a proof of Q, and returns a proof of P ∧ Q.

3.Elimination rulesTwo elimination rules

given by selectors.

record _∧_ (P Q : Set) : Set wherefieldElim1 : P ; Elim2 : Q

∧Intro :{P Q : Set} -> P -> Q -> P ∧ Q

∧Intro a b =record { Elim1 = a ; Elim2 = b }

∧Elim1 : {P Q : Set} -> P ∧ Q -> P∧Elim1 = _∧_.Elim1∧Elim2 : {P Q : Set} -> P ∧ Q -> Q∧Elim2 = _∧_.Elim2

35

∨ (disjunction)1. Formation rule

If P and Q are propositions, P ∨ Q is a proposition.

∨ is introduced as a parameterized datatype.

2. Introduction rules∨Intro1 takes a proof of

P, giving a proof of P ∨Q.

∨Intro2 takes a proof of Q, giving a proof of P∨Q.

3. Elimination rule∨Elim exactly

corresponds to ∨-elimination rule

data _∨_ (P Q : Set) : Set where∨Intro1 : P -> P ∨ Q∨Intro2 : Q -> P ∨ Q

∨Elim :{P Q C : Set} -> P ∨ Q ->(P -> C) -> (Q -> C) -> C

∨Elim (∨Intro1 a) prfP _ =prfP a

∨Elim (∨Intro2 b) _ prfQ =prfQ b

P∨Q C CC

[P] [Q]

∨-elimination

36

⊃ (implication)1. Formation rule

If P and Q are propositions, P ⊃ Q is a proposition.

2. Introduction ruleA value of type P -> Q is a proof of Q with the assumption of P.Proofs of P ⊃ Q are in one-to-one correspondence with values of P -> Q.

3. Elimination ruleGiven a proof of P ⊃ Qand P, derive a proof of Q.

data _⊃_ (P Q : Set) : Set where⊃Intro : (P -> Q) -> P ⊃ Q

⊃Elim : {P Q : Set} ->P ⊃ Q -> P -> Q

⊃Elim (⊃ Intro f) a = f a…

B∨-intro1

A ⊃ B⊃-intro①

[A]①

37

¬ (negation)Negation is introduced as an

abbreviation.1. Formation rule

If P is a proposition,¬P is a proposition.

2. Introduction rule¬Intro deduces ¬P from

a proof of ⊥ with the assumption of P, s proof to absurdity and returns a proof of ¬P.

3. Elimination rule¬Elim deduces ⊥ from a

pair of a proof of P and that of ¬P .

1. ¬ : Set -> Set¬ P = P ⊃ ⊥

2. ¬Intro :{P : Set} ->(P -> ⊥) ->¬ P

¬Intro pr = ⊃Intro pr

3. ¬Elim :{P : Set} ->¬ P -> P ->⊥

¬Elim (⊃Intro pr1) pr2 =pr1 pr2

38

Example of a proof of tautology1. p1 : (A B : Set) ->

(A ∧ B) ⊃ (A ∨ B)p1 A B =⊃Intro(¥ (x : A ∧ B) ->∨Intro1(∧Elim1 x))

A

A∨B∨-intro1

∧elim1

A∧B ⊃ A∨B⊃-intro①

[A∧B]①

39

∀ (universal quantifier)1. Formation rule

Let A be a set and Q be a ``predicate on A,’’ i.e., a function from A to Set .

Then, ∀ A P is a formula.s a function from P to

Propositions.2. Introduction rule

Proofs of ∀ A P are exactly functions that take an element a of A and returns a proof ofP a,

3. Elimination ruleGiven a set A, a predicate P on

A, a proof of ∀ A P and an element a of A, the proposition P a is deduced.

∀ (A : Set) (P : A -> Set) : Setwhere∀Intro :

((a : A) -> P a) -> ∀ A P

∀Elim :{A : Set} -> {P : A -> Set} ->∀ A P -> (a : A) -> P a∀Elim (∀Intro f) a = f a

…

P a

∀ A P∀-intro, a

…

∀ A P

P a∀-elim

40

∃ (existential quantifier)record ∃ (A : Set)

(P : A -> Set) : Setwherefieldevidence : A∃Elim : P evidence

∃Intro : {A : Set} ->{P : A -> Set} ->(a : A) -> P a -> ∃ A P

∃Intro a prf =record { evidence = a ;

Elim = prf }

1. Formation ruleIf A is a set and P is a

predicate on A, ∃ P Qis a proposition.

2. Introduction ruleFrom A, P, an element a of

A and a proof P a, deduce ∃ A P.

Here, we call a to be the evidence used in this proof.

3. Elimination ruleFrom A, P and a proof of ∃ A P, deduce P a, where a is the element of A used as the evidence.

41

∃ (existential quantifier)record ∃ (A : Set)

(P : A -> Set) : Setwherefieldevidence : A∃Elim : P evidence

∃Elim : (A : Set) ->(P : A -> Set) -> (C :

Set) ->(∃ A P) -> (P a -> C) -> C

∃Elim A P C prf1 prf2 =

…

∃ A P

C∃-elim

C

…P a

3. Elimination ruleFrom A, P and a proof of ∃ A P, deduce P a, where a is the element of A used as the evidence.

42

Agda Language

• Type declaration – data … (recursive type)– record … (record)

• Function declaration (definitional equality)• Postulate• Module declaration → record type• fixity

43

Classical Logic, Excluded Middle

• Agda cannot prove Excluded Middle

• postulate:Introduce a fresh value of the given type.Can be lead

inconsistency

• LEM: 1.A “proof” of Law of

Excluded Middle is introduced.

1. postulate LEM :(P : Set) ->P ∨ (¬ P)

44

Example: Double Negation Elimination

DNE :{A : Set} ->(¬ (¬ A)) ⊃ A

DNE {A} =⊃Intro(¥(y : ¬ (¬ A)) ->∨ElimLEM(¥(w : A) -> w)(¥(z : ¬ A) ->(⊥Elim(¬Elim y z))))

⊥

A∨¬A [A]① AA

[¬A]①

∨-elimination

[¬¬A]②

①

LEM ⊥Elim

¬Elim

¬¬A⊃ A⊃-introduction②

45

Agenda• On Agda• Agda as a programming language• Agda as a proof system• Further information.

46

Further Information• Agda wiki

Recent Information of Agda (Agda2)

Google “Agda wiki” or go directly to http://www.cs.chalmers.se/~ulfn/Agda