11= ProofObjects : The Curry-Howard Correspondence
22
33> module ProofObjects
4+ >
45
56\ say{\ textit{Algorithms are the computational content of proofs. }}
67-- Robert Harper
78
9+ > import Logic
10+ > import IndProp
11+ >
12+
813We have seen that Idris has mechanisms both for _programming_, using inductive
914data types like \idr{Nat } or \idr{List } and functions over these types, and for
1015_proving_ properties of these programs, using inductive propositions (like
@@ -33,14 +38,16 @@ Answer: They are types!
3338
3439Look again at the formal definition of the \idr{Ev} property.
3540
36- > data Ev : Nat -> Type where
37- > Ev_0 : Ev Z
38- > Ev_SS : {n : Nat} -> Ev n -> Ev (S (S n ))
41+ ```idris
42+ data Ev : Nat -> Type where
43+ Ev_0 : Ev Z
44+ Ev_SS : {n : Nat} -> Ev n -> Ev (S (S n ))
45+ ```
3946
4047Suppose we introduce an alternative pronunciation of "\idr{:}". Instead of "has
4148type," we can say "is a proof of ." For example , the second line in the
4249definition of \idr{Ev} declares that \idr{Ev_0 : Ev 0 }. Instead of "\idr{Ev_0}
43- has type \idr{Ev }0 ," we can say that "\idr{Ev_0} is a proof of \idr{Ev 0 }."
50+ has type \idr{Ev 0 } ," we can say that "\idr{Ev_0} is a proof of \idr{Ev 0 }."
4451
4552This pun between types and propositions — between \idr{:} as "has type " and
4653\idr{:} as "is a proof of " or "is evidence for" — is called the Curry -Howard
@@ -50,7 +57,7 @@ world of computation:
5057 propositions ~ types
5158 proofs ~ data values
5259
53- \todo[inline]{Add link }
60+ \todo[inline]{Add http ://dl.acm.org/citation.cfm?id= 2699407 as a link }
5461
5562See [Wadler 2015 ] for a brief history and an up-to-date exposition .
5663
@@ -83,11 +90,9 @@ ev_4 = Ev_SS (Ev_SS Ev_0)
8390As a matter of fact, we can also write down this proof object directly, without
8491the need for a separate proof script:
8592
86- \todo[inline]{Doesn't work in Idris REPL}
87-
88- ```coq
89- Check (ev_SS 2 (ev_SS 0 ev_0)).
90- (* ===> ev 4 *)
93+ ```idris
94+ λΠ> Ev_SS $ Ev_SS Ev_0
95+ Ev_SS (Ev_SS Ev_0 ) : Ev 4
9196```
9297
9398The expression \idr{Ev_SS {n=2} $ Ev_SS {n=0} Ev_0} can be thought of as
@@ -212,19 +217,20 @@ For example, consider this statement:
212217> ev_plus4 : Ev n -> Ev (4 + n)
213218> ev_plus4 x = Ev_SS $ Ev_SS x
214219
215- What is the proof object corresponding to ev_plus4 ?
220+ What is the proof object corresponding to ` ev_plus4` ?
216221
217- We're looking for an expression whose type is \idr{{n: Nat} -> Ev n -> Ev (4 +
218- n)} — that is , a function that takes two arguments (one number and a piece of
219- evidence) and returns a piece of evidence ! Here it is:
222+ We're looking for an expression whose type is
223+ \idr{{n: Nat} -> Ev n -> Ev (4 + n)} — that is , a function that takes two
224+ arguments (one number and a piece of evidence) and returns a piece of evidence !
225+ Here it is:
220226
221227```coq
222228Definition ev_plus4' : forall n , ev n -> ev (4 + n) :=
223229 fun (n : Nat) => fun (H : ev n ) =>
224230 ev_SS (S (S n)) (ev_SS n H).
225231```
226232
227- Recall that ` fun n=> blah` means "the function that, given \idr{n}, yields
233+ Recall that \idr{\ n = > blah} means " the function that, given \idr{n}, yields
228234\idr{blah}," and that Idris treats \ idr{4 + n} and \ idr{S (S (S (S n)))} as
229235synonyms. Another equivalent way to write this definition is :
230236
@@ -237,19 +243,19 @@ Check ev_plus4''.
237243```
238244
239245When we view the proposition being proved by \idr{ev_plus4} as a function type,
240- one aspect of it may seem a little unusual. The second argument' s type, \ idr{ Ev
241- n}, mentions the _value_ of the first argument, \ idr{n}. While such _dependent
242- types_ are not found in conventional programming languages, they can be useful
243- in programming too, as the recent flurry of activity in the functional
246+ one aspect of it may seem a little unusual. The second argument' s type,
247+ \ idr{ Ev n}, mentions the _value_ of the first argument, \ idr{n}. While such
248+ _dependent types_ are not found in conventional programming languages, they can
249+ be useful in programming too, as the recent flurry of activity in the functional
244250programming community demonstrates.
245251
246252\ todo[inline]{Reword ? }
247253
248- Notice that both implication (\ idr{- >}) and quantification (\idr{(x : t) -> f
249- x }) correspond to functions on evidence. In fact, they are really the same
250- thing: \idr{- >} is just a shorthand for a degenerate use of quantification where
251- there is no dependency, i.e., no need to give a name to the type on the
252- left-hand side of the arrow.
254+ Notice that both implication (\ idr{- >}) and quantification
255+ (\idr{(x : t) -> f x }) correspond to functions on evidence. In fact, they are
256+ really the same thing: \idr{- >} is just a shorthand for a degenerate use of
257+ quantification where there is no dependency, i.e., no need to give a name to the
258+ type on the left-hand side of the arrow.
253259
254260For example, consider this proposition:
255261
@@ -273,8 +279,8 @@ In general, "\idr{p -> q}" is just syntactic sugar for "\idr{(_ : p) -> q}".
273279\ \todo[inline]{Edit and move to an appendix about ElabReflection/Pruviloj?}
274280
275281If we can build proofs by giving explicit terms rather than executing tactic
276- scripts, you may be wondering whether we can build _programs_ using _tactics_ rather
277- than explicit terms. Naturally, the answer is yes!
282+ scripts, you may be wondering whether we can build _programs_ using _tactics_
283+ rather than explicit terms. Naturally, the answer is yes!
278284
279285```coq
280286Definition add1 : Nat -> Nat.
@@ -316,7 +322,7 @@ see these definitions in this section.
316322
317323=== Conjunction
318324
319- \ \todo[inline]{Edit/remove most of this }
325+ \ \todo[inline]{Edit}
320326
321327To prove that \idr{(p,q)} holds, we must present evidence for both \idr{p} and
322328\idr{q}. Thus, it makes sense to define a proof object for \idr{(p,q)} as
@@ -326,9 +332,9 @@ This leads to the following definition.
326332> data And : (p, q : Type) -> Type where
327333> Conj : p -> q -> And p q
328334
329- Notice the similarity with the definition of the \idr{Prod} type, given in chapter
330- `Poly`; the only difference is that \idr{Prod} takes Type arguments, whereas and takes
331- Prop arguments.
335+ Notice the similarity with the definition of the \idr{Prod} type, given in
336+ chapter `Poly`; the only difference is that \idr{Prod} takes Type arguments,
337+ whereas and takes Prop arguments.
332338
333339```idris
334340data Prod : (x, y : Type) -> Type where
@@ -341,32 +347,19 @@ hypothesis. Case analysis allows us to consider all possible ways in which
341347the `split` tactic actually works for any inductively defined proposition with
342348only one constructor. In particular, it works for \idr{And}:
343349
344- \todo[inline]{Copied `<->` for now}
345-
346- > iff : {p,q : Type} -> Type
347- > iff {p} {q} = (p -> q, q -> p)
348- >
349- > syntax [p] "<->" [q] = iff {p} {q}
350-
351-
352350> and_comm : (And p q) <-> (And q p)
353351> and_comm = (\(Conj x y) => Conj y x,
354352> \(Conj y x) => Conj x y)
355353
356-
357- This shows why the inductive definition of and can be manipulated by tactics as
358- we've been doing. We can also use it to build proofs directly, using
354+ This shows why the inductive definition of `and` can be manipulated by tactics
355+ as we've been doing. We can also use it to build proofs directly, using
359356pattern-matching. For instance:
360357
361- ```coq
362- Definition and_comm'_aux P Q (H : P /\ Q) :=
363- match H with
364- | conj HP HQ => conj HQ HP
365- end.
358+ > and_comm'_aux : And p q -> And q p
359+ > and_comm'_aux (Conj x y) = Conj y x
366360
367- Definition and_comm' P Q : P /\ Q <-> Q /\ P :=
368- conj (and_comm'_aux P Q) (and_comm'_aux Q P).
369- ```
361+ > and_comm' : (And p q) <-> (And q p)
362+ > and_comm' {p} {q} = (and_comm'_aux {p} {q}, and_comm'_aux {p=q} {q=p})
370363
371364
372365==== Exercise: 2 stars, optional (conj_fact)
0 commit comments