lean2/doc/lean/declarations.org

Lean declarations

Definitions

The command definition declares a new constant/function. The identity function is defined as

  definition id {A : Type} (a : A) : A := a

We say definitions are "transparent", because the type checker can unfold them. The following declaration only type checks because + is a transparent definition. Otherwise, the type checker would reject the expression v = w since it would not be able to establish that 2+3 and 5 are "identical". In type theory, we say they are definitionally equal.

  import data.vector data.nat
  open nat
  check λ (v : vector nat (2+3)) (w : vector nat 5), v = w

Similarly, the following definition only type checks because id is transparent, and the type checker can establish that nat and id nat are definitionally equal, that is, they are the "same".

  import data.nat
  definition id {A : Type} (a : A) : A := a
  check λ (x : nat) (y : id nat), x = y

Theorems

In Lean, a theorem is just an opaque definition. We usually use theorem for declaring propositions. The idea is that users don't really care about the actual proof, only about its existence. As described in previous sections, Prop (the type of all propositions) is proof irrelevant. If we had defined id using a theorem, the previous example would produce a typing error, because the type checker would be unable to unfold id and establish that nat and id nat are definitionally equal.

Opaque definitions

Opaque definitions are similar to regular definitions, but they are only transparent in the module/file where they were defined. The idea is to allow us to prove theorems about the opaque definition C in the module where it was defined. In other modules, we can only rely on these theorems. That is, the actual definition is hidden/encapsulated, and the module designer is free to change it without affecting its "customers".

Actually, the opaque definition is only treated as transparent inside of other opaque definitions/theorems in the same module.

Here is an example:

    import data.nat
    opaque definition id {A : Type} (a : A) : A := a
    -- The following command is type correct since it is being executed in the
    -- same file where id was defined
    check λ (x : nat) (y : id nat), x = y

    -- The following theorem is also type correct since id is being treated as
    -- transparent only in the proof by reflexivity.
    theorem id_eq {A : Type} (a : A) : id a = a :=
    eq.refl a

    -- The following transparent definition is also type correct. It uses
    -- id but it can be type checked without unfolding id.
    definition id2 {A : Type} (a : A) : A :=
    id a

    -- The following definition is type incorrect. It only type checks if
    -- we unfold id, but it is not allowed because the definition is opaque.
    /-
    definition buggy_def {A : Type} (a : A) : Prop :=
    ∀ (b : id A), a = b
    -/

Theorems are always opaque, but we should be able to type check their type in any module. The following theorem is type incorrect because we need to unfold the opaque definition id to type check it.

    import data.unit
    opaque definition id {A : Type} (a : A) : A := a
    /-
    theorem buggy_thm (a : unit) (b : id unit) : a = b :=
    unit.equal a b
    -/

In contrast, the following theorem is type correct because id is transparent in this example.

  import data.unit
  definition id {A : Type} (a : A) : A := a
  theorem simple (a : unit) (b : id unit) : a = b :=
  unit.equal a b

Private definitions and theorems

Sometimes it is useful to hide auxiliary definitions and theorems from the module interface. The keyword private allows us to declare local hidden definitions and theorems. A private definition is always opaque. The name of a private definition is only visible in the module/file where it was declared.

  import data.nat
  open nat
  private definition inc (x : nat) := x + 1
  private theorem inc_eq_succ (x : nat) : succ x = inc x :=
  rfl

  -- The definition inc and theorem inc_eq_succ are not visible/accessible
  -- in modules that import this one.

Protected definitions and theorems

Declarations can be organized into namespaces. In the previous examples, we have been using the namespace nat. It contains definitions such as nat.succ and nat.add. The command open creates the aliases succ and add to these definitions. An alias will not be created for a protected definition unless the user explicitly requests it.

  import data.nat
  open nat
  namespace foo
    definition two : nat := 2
    protected definition three : nat := 3
  end foo
  open foo
  check two

  -- The following command produces an 'unknown identifier' error
  /-
  check three
  -/

  -- We have to use its fully qualified name to access three
  check foo.three

  -- If the user explicitly requests three, then an alias is created
  open foo (three)
  check three