I actually want to prove one theorem but i think if I prove on the other side that is fine also.
I have defined a stream of positive rationals like this:
one : ℤ
one = + 1
next : pair → pair
next q = if (n eq one) then (mkPair (+ m Data.Integer.+ one) 1)
else (mkPair (n Data.Integer.- one) (m Nat.+ 1))
where
n = getX q
m = getY q
-- eq is defined correctly for equivalence of two integer.
rational : Stream pair
rational = iterate next (mkPair one 1)
RQ : pair → Stream pair → Stream pair
RQ q (x ∷ xs) = (x add q) ∷ ♯ (RQ q (♭ xs))
positiveRat : Stream pair
positiveRat = RQ (mkPair (+ 0) (1)) rational
Here pair is a record with ℤ and ℕ fields:
--records of rational number
record pair : Set where
field
x : ℤ
y : ℕ
mkPair : ℤ → ℕ → pair
mkPair a b = record { x = a; y = b}
Now I want to prove that every rational which is in positiveRat will be positive.
open import Data.Stream
open import Data.Nat
open import Data.Rational
open import Data.Integer
open import Coinduction
open import Data.Unit
lemma : (x : pair) → (x ∈ positiveRat) → (+ 0 Data.Integer.≤ pair.x x)
lemma .(record { x = + 1 ; y = 1 }) here = +≤+ z≤n
lemma .(record { x = + 2 ; y = 1 }) (there here) = +≤+ z≤n
lemma .(record { x = + 1 ; y = 2 }) (there (there here)) = {!!}
lemma q (there (there (there pf))) = {!!}
I am writing the proof by splitting on pf. But it is unstoppable.
This is very easy to solve on this mock example because stream is periodic:
lemma : (x : ℚ) → (x ∈ stream) → (+ 0 Data.Integer.≤ ℚ.numerator x)
lemma .(record { numerator = + 1}) here = +≤+ z≤n
lemma .(record { numerator = + 2}) (there here) = +≤+ z≤n
lemma .(record { numerator = + 3}) (there (there here)) = +≤+ z≤n
lemma q (there (there (there pf))) = lemma q pf
However, I imagine in your real example, stream is not periodic. There is no generic answer; the correct proof of lemma depends on how your real stream is defined, so you will have to post that.
Related
After defining the naturals, addition and multiplication as usual, I set to write a proof that 1 is a neutral element.
p : (n : ℕ) -> (1 * n) ≡ n
p zero = refl
p (suc m) = refl
Which is fine!
Since refl appears in both alternatives, I thought this should type-check:
p : (n : ℕ) -> (1 * n) ≡ n
p _ = refl
But this fails with:
1 * n != n of type ℕ
when checking that the expression refl has type (1 * n) ≡ n
What causes type to not check here?
It's hard to diagnose an error without a MRE, no matter how standard you think your definitions are.
Your error presumably comes from the fact _+_ and _*_ are defined like so:
0 + n = n
m + 0 = m
suc m + n = suc (m + n)
0 * n = n
suc m * n = n + m * n
and so 1 * n = (suc 0) * n = n + 0 * n = n + 0 which is not judgmentally
equal to n because _+_ is strict in its first argument and so won't
evaluate until that first argument is constructor-headed.
Matching on n to expose a constructor is enough for _+_ to reduce:
0 + 0 is 0 by the first equation and suc m + 0 is suc m by the second.
I'm experimenting with Homotopy Type Theory in Agda. I use HITs to define the integers:
{-# OPTIONS --cubical --safe #-}
open import Cubical.Foundations.Prelude
open import Data.Nat using (ℕ; _+_)
data ℤ : Set where
-- | An integer i is a pair of natural numbers (m, n)
-- where i = m - n
int : ℕ → ℕ → ℤ
-- | (a, b) = (c, d)
-- a - b = c - d
-- a + d = b + c
int-eq : ∀ {a b c d : ℕ} → (a + d ≡ b + c) → int a b ≡ int c d
Now, I want to define addition on the integers:
add-ints : ℤ → ℤ → ℤ
add-ints (int a b) (int c d) = int (a + c) (b + d)
However, the compiler gives an error because I need to pattern match the equality constructors as well:
Incomplete pattern matching for add-ints. Missing cases:
add-ints (int-eq x i) (int x₁ x₂)
add-ints x (int-eq x₁ i)
when checking the definition of add-ints
So, I end up with this:
add-ints : ℤ → ℤ → ℤ
add-ints (int a b) (int c d) = int (a + c) (b + d)
add-ints (int-eq x i) (int c d) = { }0
add-ints (int a b) (int-eq x i) = { }1
add-ints (int-eq x i) (int-eq y j) = { }2
Agda's typed holes don't help:
?0 : ℤ
?1 : ℤ
?2 : ℤ
———— Errors ————————————————————————————————————————————————
Failed to solve the following constraints:
?0 (x = x) (i = i) (c = a) (d = b)
= ?2 (x = x) (i = i) (y = x₁) (j = i0)
: ℤ
?0 (x = x) (i = i) (c = c) (d = d)
= ?2 (x = x) (i = i) (y = x₁) (j = i1)
: ℤ
?1 (a = a₁) (b = b₁) (x = x₁) (i = i)
= ?2 (x = x) (i = i0) (y = x₁) (j = i)
: ℤ
?1 (a = c₁) (b = d₁) (x = x₁) (i = i)
= ?2 (x = x) (i = i1) (y = x₁) (j = i)
: ℤ
int (a + x) (b + x₁) = ?0 (x = x₂) (i = i0) (c = x) (d = x₁) : ℤ
int (c + x) (d + x₁) = ?0 (x = x₂) (i = i1) (c = x) (d = x₁) : ℤ
int (x + a) (x₁ + b) = ?1 (a = x) (b = x₁) (x = x₂) (i = i0) : ℤ
int (x + c) (x₁ + d) = ?1 (a = x) (b = x₁) (x = x₂) (i = i1) : ℤ
The Agda documentation gives examples of HIT usage, where it pattern matches on the equality constructors when operating on the torus and propositional truncation. However, as someone without a background in topology, I don't completely follow what's going on.
What is the purpose of the i and j from the [0, 1] interval, and why do they appear in my equality constructor patterns? How do I use i and j? How do I handle the higher inductive cases?
You can think of path constructors as taking an interval variable, and satisfying additional equations about the endpoints of that interval,
data ℤ : Set where
int : ℕ → ℕ → ℤ
int-eq : ∀ {a b c d : ℕ} → (a + d ≡ b + c) → I → ℤ
-- such that int-eq {a} {b} {c} {d} _ i0 = int a b
-- and int-eq {a} {b} {c} {d} _ i1 = int c d
In your equations for add-ints of int-eq you also have to produce a ℤ, and it has to match the first clause (for the int constructor) at both endpoints. These are the constraints that Agda reports, saying that the different clauses have to agree.
You can start with ?0 first. For which only the last two contraints matter. It helps here to fill in the implicit variables,
add-ints (int-eq {a0} {b0} {a1} {b1} x i) (int c d) = { }0
To match the first clause, you need to come up with a value of type ℤ that is equal to int (a0 + c) (b0 + d) when i = i0 and equal to int (a1 + c) (b1 + d) when i = i1. You can use an int-eq constructor for this,
?0 = int-eq {a0 + c} {b0 + d} {a1 + c} {b1 + d} ?4 i
The equality ?4 has to be worked out.
I am trying to proof inverse property over integer (which is represented as setoid i.e (a , b) represents a - b.)
I have defined the negation part as - (a , b) = (b , a):
-_ : ℤ -> ℤ
- (x , y) = (y , x)
is0 : ℤ → Set
is0 (a , b) = a ≡ b
leftInverse : (x : ℤ) → - x + x ≡ zero
leftInverse (x , x₁) = {!!}
The goal of this is : (x₁ ℕ.+ x) , (x ℕ.+ x₁) ≡ 0 , 0
I can not use cong₂ here. I am thinking of using if else statement but I dont know that it will be proof. How should i proceed??
I have defined Stream of positive rational like this.
one : ℤ
one = + 1
--giving a rational as input it will return next rational (in some down tailing method)
next : pair → pair
next q = if (n eq one) then (mkPair (+ m Data.Integer.+ one) 1)
else (mkPair (n Data.Integer.- one) (m Nat.+ 1))
where
n = getX q
m = getY q
--it will generate all rational from (1,1)
rational : Stream pair
rational = iterate next (mkPair one 1)
--it will get all the rational which are greater than the given rational.
RQ : pair → Stream pair → Stream pair
RQ q (x ∷ xs) = (x add q) ∷ ♯ (RQ q (♭ xs))
--This is a stream of positive rational greater than (0,1).
positiveRat : Stream pair
positiveRat = RQ (mkPair (+ 0) (1)) rational
here pair is a record with two field Z and N.
Now i want to prove that `for all x if x > 0 then x will belong to Stream of positive rational.
open import Data.Stream
open import Data.Nat
open import Data.Rational
open import Data.Integer
open import Coinduction
lemma : (x : pair) → ((+ 0) Data.Integer.≤ (pair.x x)) → ( x ∈ positiveRat )
lemma q proof = ?
An attempt to split proof leads to the following error message:
I'm not sure if there should be a case for the constructor +≤+,
because I get stuck when trying to solve the following unification
problems (inferred index ≟ expected index):
+ m ≟ + 0
+ n ≟ getX q₁
when checking that the expression ? has type q ∈ positiveRat
Please help to resolve this error.
I am writing a basic monadic parser in Idris, to get used to the syntax and differences from Haskell. I have the basics of that working just fine, but I am stuck on trying to create VerifiedSemigroup and VerifiedMonoid instances for the parser.
Without further ado, here's the parser type, Semigroup, and Monoid instances, and the start of a VerifiedSemigroup instance.
data ParserM a = Parser (String -> List (a, String))
parse : ParserM a -> String -> List (a, String)
parse (Parser p) = p
instance Semigroup (ParserM a) where
p <+> q = Parser (\s => parse p s ++ parse q s)
instance Monoid (ParserM a) where
neutral = Parser (const [])
instance VerifiedSemigroup (ParserM a) where
semigroupOpIsAssociative (Parser p) (Parser q) (Parser r) = ?whatGoesHere
I'm basically stuck after intros, with the following prover state:
-Parser.whatGoesHere> intros
---------- Other goals: ----------
{hole3},{hole2},{hole1},{hole0}
---------- Assumptions: ----------
a : Type
p : String -> List (a, String)
q : String -> List (a, String)
r : String -> List (a, String)
---------- Goal: ----------
{hole4} : Parser (\s => p s ++ q s ++ r s) =
Parser (\s => (p s ++ q s) ++ r s)
-Parser.whatGoesHere>
It looks like I should be able to use rewrite together with appendAssociative somehow,
but I don't know how to "get inside" the lambda \s.
Anyway, I'm stuck on the theorem-proving part of the exercise - and I can't seem to find much Idris-centric theorem proving documentation. I guess maybe I need to start looking at Agda tutorials (though Idris is the dependently-typed language I'm convinced I want to learn!).
The simple answer is that you can't. Reasoning about functions is fairly awkward in intensional type theories. For example, Martin-Löf's type theory is unable to prove:
S x + y = S (x + y)
0 + y = y
x +′ S y = S (x + y)
x +′ 0 = x
_+_ ≡ _+′_ -- ???
(as far as I know, this is an actual theorem and not just "proof by lack of imagination"; however, I couldn't find the source where I read it). This also means that there is no proof for the more general:
ext : ∀ {A : Set} {B : A → Set}
{f g : (x : A) → B x} →
(∀ x → f x ≡ g x) → f ≡ g
This is called function extensionality: if you can prove that the results are equal for all arguments (that is, the functions are equal extensionally), then the functions are equal as well.
This would work perfectly for the problem you have:
<+>-assoc : {A : Set} (p q r : ParserM A) →
(p <+> q) <+> r ≡ p <+> (q <+> r)
<+>-assoc (Parser p) (Parser q) (Parser r) =
cong Parser (ext λ s → ++-assoc (p s) (q s) (r s))
where ++-assoc is your proof of associative property of _++_. I'm not sure how would it look in tactics, but it's going to be fairly similar: apply congruence for Parser and the goal should be:
(\s => p s ++ q s ++ r s) = (\s => (p s ++ q s) ++ r s)
You can then apply extensionality to get assumption s : String and a goal:
p s ++ q s ++ r s = (p s ++ q s) ++ r s
However, as I said before, we don't have function extensionality (note that this is not true for type theories in general: extensional type theories, homotopy type theory and others are able to prove this statement). The easy option is to assume it as an axiom. As with any other axiom, you risk:
Losing consistency (i.e. being able to prove falsehood; though I think function extensionality is OK)
Breaking reduction (what does a function that does case analysis only for refl do when given this axiom?)
I'm not sure how Idris handles axioms, so I won't go into details. Just beware that axioms can mess up some stuff if you are not careful.
The hard option is to work with setoids. A setoid is basically a type equipped with custom equality. The idea is that instead of having a Monoid (or VerifiedSemigroup in your case) that works on the built-in equality (= in Idris, ≡ in Agda), you have a special monoid (or semigroup) with different underlying equality. This is usually done by packing the monoid (semigroup) operations together with the equality and bunch of proofs, namely (in pseudocode):
= : A → A → Set -- equality
_*_ : A → A → A -- associative binary operation
1 : A -- neutral element
=-refl : x = x
=-trans : x = y → y = z → x = z
=-sym : x = y → y = x
*-cong : x = y → u = v → x * u = y * v -- the operation respects
-- our equality
*-assoc : x * (y * z) = (x * y) * z
1-left : 1 * x = x
1-right : x * 1 = x
The choice of equality for parsers is clear: two parsers are equal if their outputs agree for all possible inputs.
-- Parser equality
_≡p_ : {A : Set} (p q : ParserM A) → Set
Parser p ≡p Parser q = ∀ x → p x ≡ q x
This solution comes with different tradeoffs, namely that the new equality cannot fully substitute the built-in one (this tends to show up when you need to rewrite some terms). But it's great if you just want to show that your code does what it's supposed to do (up to some custom equality).