I am trying to prove commutative property for agda. I tried to explore the standard library but there is lot of complex thing which i could not understand.
I tried in this way --
comm : (a b : Q) -> (a + b) === (b + a)
the problem here is + which is not defined over Q in library. Can't we proof this without defining + over Q.
Please guide me.
You cannot prove this without first defining +.
If you get confused exploring the standard library I suggest you try to prove something easier first, in order to become more acquainted with Agda, before tackling this.
Of course you can't prove commutativity of an undefined function _+_; as a stupid counter-example, would you expect to be able to prove (a - b) == (b - a)? If not, why not? _-_ is just as much of an undefined function as _+_ at this point; it just has a different name...
Note that you can define addition for ℚ using elementary school math:
n ÷ p + m ÷ q = (n * q + m * p) ÷ (p * q)
and simplifying it by dividing both n * q + m * p and p * q with their GCD. I have already explained the details of this last step in this answer.
Related
Cosider the simple solution:
sol: solve(b * x - a, x);
a
[x = -]
b
how can I get the expression part sol: a / b out of the above result?
solution was offered to me here.
Thanks to Johann Weilharter I found one way to extract the expression:
sol: ev(x, solve(b * x - a, x)[1]);
Of course, if there is more than one solution, you need to change 1 to the specific instance.
Alternatively, as pointed out in the comments of the question, one can also use
sol: rhs(first(solve(b * x - a, x)));
oneliner to do the job.
What you need is a symbolic evaluation library. If you are considering a python implementation, you can use SymPy.
import sympy as sym
x = sym.Symbol('x')
b = sym.Symbol('b')
a = sym.Symbol('a')
sol = sym.solve((b * x - a), x)
print(sol)
------
[a/b]
I have a formlua in DNF form, say:
abcx + abcy + abz
Is there any way to take out the common variables, to get the follwing formula:
ab (cx + cy + z)
A followup question, can it be done recursively, like
ab ( c(x+y) + z)
Sure.. Here's one way:
from z3 import *
a, b, c, x, y, z = Ints('a b c x y z')
print simplify(a*b*c*x + a*b*c*y + a*b*z, hoist_mul=True)
This prints:
a*b*(c*(x + y) + z)
which is exactly what you're looking for.
And for your next question, how did I find about hoist_cmul=True argument? Simply run:
help_simplify()
at your Python prompt, and it'll list you all the options simplify takes.
Note that you should in general not count on what the simplifier will give you. It's mostly heuristic driven, and in the presence of other terms what you get may not match what you expected. (It'll of course still be an equivalent expression.) There's no notion of "simplest" when it comes to arithmetic expressions, and what you consider simple and what z3 considers simple may not necessarily match.
I am trying to capture the fact that there's an induced partial ordering in any idempotent semiring in Isabelle/HOL but am having trouble working out the best/correct way to do it.
I define:
class idem_semiring_1 = semiring_1 +
assumes idem [algebra_simps]: ‹a + a = a›
begin
definition less_eq :: ‹'a ⇒ 'a ⇒ bool›
where ‹less_eq a b ⟷ a + b = b›
definition less :: ‹'a ⇒ 'a ⇒ bool›
where ‹less a b ⟷ less_eq a b ∧ ¬ less_eq b a›
end
Now, it's straightforward to demonstrate that less_eq and less satisfy all of the laws of the order type class. However, is there a way of convincing Isabelle/HOL that any instance of idem_semiring_1 is also necessarily an instance of order using these definitions, so that the following query type-checks?
term ‹(y::'a::{idem_semiring_1}) ≤ x›
No combination of subclass, sublocale, etc., incantations seems to achieve what I want. In particular, the following:
sublocale idem_semiring_1 ⊆ order less_eq less
by (standard; clarsimp simp add: algebra_simps less_eq_def less_def) (metis add.assoc)
seems to work, as in the following lemmas become trivially provable via simp:
lemma
fixes x::‹'a::{idem_semiring_1}›
shows ‹less_eq x x›
by simp
lemma
assumes ‹less_eq x y›
and ‹less_eq y z›
shows ‹less_eq x z›
using assms by simp
but the following does not type-check:
lemma
fixes x :: ‹'a::{idem_semiring_1}›
shows ‹x ≤ x›
What am I not doing to convince Isabelle to connect the ≤ syntax with the less_eq definition?
What if you defined idem_semiring_1 like this:
class idem_semiring_1 = semiring_1 + order +
assumes idem [algebra_simps]: ‹a + a = a› and
less_eq_idem_semiring_1: ‹a ≤ b ⟷ a + b = b›
The Agda Standard Library exports some operators that allow you to write proofs in a manner similar to what you would do on paper, or how it is taught in the Haskell community. While you can write "conventional" Agda proofs in a somewhat systematic manner by refining a Goal using with abstractions, rewrites or helper lemmas as needed, it isn't really clear to me how a proof using the equality reasoning primitives "comes to be".
That is, while you can find examples about what these proofs look like when they are finished and type-check here and there, these already worked examples don't show you how they are developed in a systematic step-by-step (maybe hole-driven) manner.
How is it done in practice? Do people "refactor" an already existing proof? Do you try to "burn the candle from both sides" by starting with the left-hand and right-hand sides of the initial Goal and a hole in the middle?
Furthermore, the Agda documentation states that if the equality reasoning primitives are in scope, "then Auto will do equality reasoning using these constructs". What does that mean?
I would appreciate it if someone could point me in the right direction, or even post an example of how they develop these kinds of proofs step-by-step, what questions they ask themselves as they go through it, where they put the holes and so on. Thanks!
I think it would be more helpful for you to look at the definitions for equational reasoning for Identity here Equational Reasoning. The main point is that it is just a nicer way to apply transitivity chains and allowing the user to see the actual expression in code, rather than the proof evidence which is not that easy to read.
The way I go about building a proof using equational reasoning for any setoid is this. With the example of natural numbers
open import Relation.Binary.PropositionalEquality
open ≡-Reasoning
data ℕ : Set where
zero : ℕ
succ : ℕ → ℕ
_+_ : ℕ → ℕ → ℕ
m + zero = m
m + succ n = succ (m + n)
Let's take commutativity as an example.
This is how I start with the goals.
comm+ : ∀ m n → m + n ≡ n + m
comm+ m zero = {!!}
comm+ m (succ n) =
begin
succ (m + n)
≡⟨ {!!} ⟩
succ n + m
∎
Now I see the original expression and goal and my goal proof is between the brackets.
I work only on the expression leaving the proof objects untouched and add
what I think should work.
comm+ : ∀ m n → m + n ≡ n + m
comm+ m zero = {!!}
comm+ m (succ n) =
begin
succ (m + n)
≡⟨ {!!} ⟩
succ (n + m)
≡⟨ {!!}⟩
succ n + m
∎
Once I think I have a proof, I work on the proof objects that justify my steps.
Regarding the auto-tactic, you should not bother with that in my opinion. It's not being worked on for a while.
Somewhere in my code, I have a hole which expects a natural number, let's call it n for our purposes. I have a function which returns me a n + 0.
Data.Nat.Properties.Simple contains a proof +-right-identity of the following type:
+-right-identity : ∀ n → n + 0 ≡ n
I'm not familiar enough with the Agda syntax and stdlib yet to know how to easily use this proof to convince the type checker that I can use my value.
More generally, how to I use a relation x ≡ y to transform a given x into y?
I found an answer in this thread: Agda Type-Checking and Commutativity / Associativity of +
For future readers, the keyword I was looking for was rewrite.
By appending rewrite +-right-identity n to the pattern matching (before the = sign), Agda "learned" about this equality.