finished rewriting about to start Leibniz

This commit is contained in:
wadler 2018-01-31 10:20:37 -02:00
parent 27b038de35
commit dd021129f2

View file

@ -56,8 +56,8 @@ but on the left-hand side of the equation the argument has been instantiated to
which requires that `x` and `y` are the same. Hence, for the right-hand side of the equation which requires that `x` and `y` are the same. Hence, for the right-hand side of the equation
we need a term of type `x ≡ x`, and `refl` will do. we need a term of type `x ≡ x`, and `refl` will do.
It is instructive to create the definition of `sym` interactively. It is instructive to develop `sym` interactively.
Say we use a variable for the argument on the left, and a hole for the term on the right: To start, we supply a variable for the argument on the left, and a hole for the body on the right:
sym : ∀ {} {A : Set } {x y : A} → x ≡ y → y ≡ x sym : ∀ {} {A : Set } {x y : A} → x ≡ y → y ≡ x
sym r = {! !} sym r = {! !}
@ -190,8 +190,8 @@ where `e` is a proof of an equivalence.
## Tabular reasoning, another example ## Tabular reasoning, another example
As a second example of tabular reasoning, we consider the proof that zero is a right identity for As a second example of tabular reasoning, we consider the proof that addition
addition. We first repeat the definitions of naturals and addition. is commutative. We first repeat the definitions of naturals and addition.
We cannot import them because (as noted at the beginning of this chapter) We cannot import them because (as noted at the beginning of this chapter)
it would cause a conflict. it would cause a conflict.
\begin{code} \begin{code}
@ -204,22 +204,31 @@ zero + n = n
(suc m) + n = suc (m + n) (suc m) + n = suc (m + n)
\end{code} \end{code}
We now repeat the proof that zero is a right identity. We save space we postulate (rather than prove in full) two lemmas,
and then repeat the proof of commutativity.
\begin{code} \begin{code}
postulate
+-identity : ∀ (m : ) → m + zero ≡ m +-identity : ∀ (m : ) → m + zero ≡ m
+-identity zero = +-suc : ∀ (m n : ) → m + suc n ≡ suc (m + n)
+-comm : ∀ (m n : ) → m + n ≡ n + m
+-comm m zero =
begin begin
zero + zero m + zero
≡⟨ +-identity m ⟩
m
≡⟨⟩ ≡⟨⟩
zero zero + m
+-identity (suc m) = +-comm m (suc n) =
begin begin
suc m + zero m + suc n
≡⟨ +-suc m n ⟩
suc (m + n)
≡⟨ cong suc (+-comm m n) ⟩
suc (n + m)
≡⟨⟩ ≡⟨⟩
suc (m + zero) suc n + m
≡⟨ cong suc (+-identity m) ⟩
suc m
\end{code} \end{code}
The tabular reasoning here is similar to that in the The tabular reasoning here is similar to that in the
@ -231,21 +240,17 @@ to `≡⟨ refl ⟩`.
Agda always treats a term as equivalent to its Agda always treats a term as equivalent to its
simplified term. The reason that one can write simplified term. The reason that one can write
begin suc (n + m)
zero + zero
≡⟨⟩ ≡⟨⟩
zero suc n + m
is because Agda treats `zero + zero` and `zero` as the is because Agda treats both terms as the same.
same thing. This also means that one could instead write This also means that one could instead interchange
the proof in the form the lines and write
begin suc n + m
zero
≡⟨⟩ ≡⟨⟩
zero + zero suc (n + m)
and Agda would not object. Agda only checks that the terms and Agda would not object. Agda only checks that the terms
separated by `≡⟨⟩` are equivalent; it's up to us to write separated by `≡⟨⟩` are equivalent; it's up to us to write
@ -259,12 +264,12 @@ data even : → Set where
ev0 : even zero ev0 : even zero
ev+2 : ∀ {n : } → even n → even (suc (suc n)) ev+2 : ∀ {n : } → even n → even (suc (suc n))
\end{code} \end{code}
In the previous section, we proved `m + zero ≡ m`. In the previous section, we proved addition is commutative.
Given evidence that `even (m + zero)` holds, Given evidence that `even (m + n)` holds,
we ought also to be able to take that as evidence we ought also to be able to take that as evidence
that `even m` holds. that `even (n + m)` holds.
Agda supports special notation to support just this Agda includes special notation to support just this
kind of reasoning. To enable this notation, we use kind of reasoning. To enable this notation, we use
pragmas to tell Agda which types and constructors pragmas to tell Agda which types and constructors
correspond to equivalence and refl. correspond to equivalence and refl.
@ -273,79 +278,90 @@ correspond to equivalence and refl.
{-# BUILTIN REFL refl #-} {-# BUILTIN REFL refl #-}
\end{code} \end{code}
We can the prove the desired fact by rewriting. We can then prove the desired property as follows.
\begin{code} \begin{code}
even-identity : ∀ (m : ) → even (m + zero) → even m even-comm : ∀ (m n : ) → even (m + n) → even (n + m)
even-identity m ev rewrite +-identity m = ev even-comm m n ev rewrite +-comm m n = ev
\end{code} \end{code}
It is instructive to develop the code interactively. Here `ev` ranges over evidence that `even (m + n)` holds, and we show
that it is also provides evidence that `even (n + m)` holds. In
general, the keyword `rewrite` is followed by evidence of an
equivalence, and that equivalence is used to rewrite the type of the
goal and of any variable in scope.
It is instructive to develop `even-comm` interactively.
To start, we supply variables for the arguments on the left, and a hole for the body on the right:
We can also prove the converse.
\begin{code}
even-identity⁻¹ : ∀ (m : ) → even m → even (m + zero)
even-identity⁻¹ m ev rewrite sym (+-identity m) = {!!}
\end{code}
\begin{code}
postulate
+-comm : ∀ (m n : ) → m + n ≡ n + m
even-comm : ∀ (m n : ) → even (m + n) → even (n + m) even-comm : ∀ (m n : ) → even (m + n) → even (n + m)
even-comm m n ev rewrite sym (+-comm m n) = {!!} even-comm m n ev = {! !}
\end{code}
If we go into the hole and type `C-C C-,` then Agda reports:
Goal: even (n + m)
————————————————————————————————————————————————————————————
ev : even (m + n)
n :
m :
Now we add the rewrite.
even-comm : ∀ (m n : ) → even (m + n) → even (n + m)
even-comm m n ev rewrite +-comm m n = {! !}
If we go into the hole again and type `C-C C-,` then Agda now reports:
Goal: even (n + m)
————————————————————————————————————————————————————————————
ev : even (n + m)
n :
m :
Now it is trivial to see that `ev` satisfies the goal, and typing `C-C C-A` in the
hole causes it to be filled with `ev`.
## Multiple rewrites
Here is a proof of that claim One may perform multiple rewrites, each separated by a vertical bar. For instance,
in Agda. here is a second proof that addition is commutative, relying on rewrites rather
than tabular reasoning.
\begin{code} \begin{code}
even-id : ∀ (m : ) → even m → even (m + zero) +-comm : ∀ (m n : ) → m + n ≡ n + m
even-id m ev with m + zero | (+-identity m) +-comm zero n rewrite +-identity n = refl
... | .m | refl = ev +-comm (suc m) n rewrite +-suc n m | +-comm m n = refl
\end{code} \end{code}
The first clause asserts that `m + zero` and `m` are This is far more compact. Among other things, whereas the previous
identical, and the second clause justifies that assertion proof required `cong suc (+-comm m n)` as the justification to invoke the
with evidence of the appropriate equation. Note the inductive hypothesis, here it is sufficient to rewrite with `+-comm m n`, as
use of the "dot pattern" `.m`. A dot pattern is followed rewriting automatically takes congruence into account. Although proofs
by an expression (it need not be a variable, as it is in with rewriting are shorter, proofs in tabular form make the reasoning
this case) and is made when other information allows one involved easier to follow, and we will stick with the latter when feasible.
to identify the expession in the `with` clause with the
given expression. In this case, the identification of
`m + zero` and `m` is justified by the subsequent matching
of `+-identity m` against `refl`.
This is a lot of work to prove something straightforward!
Because this style of reasoning occurs often, Agda supports
a special notation
even-id : ∀ (m : ) → even (m + zero) → even m ## Rewriting expanded
even-id m ev = {!!}
Goal: even m The `rewrite` notation is in fact shorthand for an appropriate use of `with`
———————————————————————————————————————————————————————————— abstraction.
ev : even (m + zero) \begin{code}
m : even-comm : ∀ (m n : ) → even (m + n) → even (n + m)
even-comm m n ev with m + n | +-comm m n
... | .(n + m) | refl = ev
\end{code}
The first clause asserts that `m + n` and `n + m` are identical, and
the second clause justifies that assertion with evidence of the
appropriate equivalence. Note the use of the "dot pattern" `.(n +
m)`. A dot pattern is followed by an expression and is made when
other information allows one to identify the expession in the `with`
clause with the expression it matches against. In this case, the
identification of `m + n` and `n + m` is justified by the subsequent
matching of `+-comm m n` against `refl`. One might think that the
first clause is redundant as the information is inherent in the second
clause, but in fact Agda is rather picky on this point: omitting the
first clause or reversing the order of the clauses will cause Agda to
report an error. (Try it and see!)
even-id : ∀ (m : ) → even (m + zero) → even m ## Leibniz equality
even-id m ev with m + zero | +-identity m
... | u | v = {!!}
Goal: even m
————————————————————————————————————————————————————————————
ev : even u
v : u ≡ m
u :
m :
> Cannot solve variable m of type with solution m + zero because
> the variable occurs in the solution, or in the type one of the
> variables in the solution
> when checking that the pattern refl has type (m + zero) ≡ m
The form of asserting equivalence that we have used is due to Martin Löf,
and was introduced in the 1970s.