Zulip Chat Archive
Stream: general
Topic: theorem or_eqv_ff1
Phiroc (Apr 06 2020 at 17:21):
Hello,
I am having trouble implementing the following theorems in *Verified Functional
Programming in Agda*:
-- p. 28 theorem or_eqv_ff1 : ∀{b1 b2}, b1 ∨ b2 = ff → b1 = ff | ff p := rfl | tt := absurd -- p. 31 theorem or_eqv_ff1' : ∀{b1 b2}, b1 ∨ b2 = ff → b1 = ff | ff p := rfl | tt p := p
I think the implications are causing a problem, but am not sure.
Could someone please help?
Thanks.
Phiroc
Reid Barton (Apr 06 2020 at 17:25):
I think there are some syntactic issues and maybe also some deeper semantic issues.
Reid Barton (Apr 06 2020 at 17:25):
What do the proofs look like in Agda?
Reid Barton (Apr 06 2020 at 17:26):
For starters, each of your functions has three arguments (b1, b2 and the proof that b1 ∨ b2 = ff) but you only match two things.
Reid Barton (Apr 06 2020 at 17:30):
Then, ∨ means "or" of Props, not bools. Actually I don't know how Lean is intepreting your theorem statement.
Phiroc (Apr 06 2020 at 17:31):
||≡ff1 : ∀ {b1 b2} → b1 || b2 ≡ ff → b1 ≡ ff ||≡ff1 {ff} p = refl ||≡ff1 {tt} () ||≡ff1 : ∀ {b1 b2} → b1 || b2 ≡ ff → b1 ≡ ff ||≡ff1 {ff} p = refl ||≡ff1 {tt} p = p
Johan Commelin (Apr 06 2020 at 17:33):
Logical operations are prefixed with b, so it's bnot, bor, band...
Reid Barton (Apr 06 2020 at 17:33):
So I think in Agda you don't write implicit arguments (like b2) on the left side of an equation unless you choose to, in Lean you do.
Johan Commelin (Apr 06 2020 at 17:33):
It's too bad they aren't in the bool namespace... because then you could've written p.or q
Reid Barton (Apr 06 2020 at 17:33):
In Agda {ff} is matching b1 and there is nothing for b2
Phiroc (Apr 06 2020 at 17:34):
I think p matches b2
Reid Barton (Apr 06 2020 at 17:34):
It doesn't, else how could the very last line ... p = p type check?
Phiroc (Apr 06 2020 at 17:36):
The book says:
This is the same as the earlier proof, but for the second clause of the definition, wehave
an actual defining equation that just returns the proof p of the impossible assumption.
The type of p is definitionally equal to tt ≡ ff, which is what we have for the desired
result with b1 instantiated to tt.
Phiroc (Apr 06 2020 at 17:39):
Regarding the first version of the theorem, the book says:
After this, we have a variable p corresponding to the sole explicit argument of this
proof, namely, the proof of our assumption. We actually do not need to use this
variable on the right-hand side in this case, because if we are in the case where b1
is ff, then our desired result is definitionally equal to just ff ≡ ff. So this equation
has just refl on the right-hand side, to prove that trivial equation ff ≡ ff.
Reid Barton (Apr 06 2020 at 17:41):
Right, p is the proof. Not b2.
Phiroc (Apr 06 2020 at 17:45):
Can you do pattern matching which includes proofs, in Lean, e.g. ff p above?
Kevin Buzzard (Apr 06 2020 at 17:46):
sure
Reid Barton (Apr 06 2020 at 17:49):
The first problem that we're discussing is that in Lean you have to match b2 explicitly and you haven't done it.
Phiroc (Apr 06 2020 at 17:49):
Here's Lean's rant about the first theorem:
bool-thms.lean:55:7: error
invalid function application in pattern, it cannot be reduced to a constructor (possible solution, mark term as inaccessible using '.( )')
↥ff
bool-thms.lean:55:7: error
equation type mismatch, term
rfl
has type
?m_2 = ?m_2
but is expected to have type
↥ff ∨ p = ff → ↥ff = ↥ff
Phiroc (Apr 06 2020 at 17:51):
This doesn't work either:
theorem or_eqv_ff1 : ∀{b1 b2}, b1 ∨ b2 = ff → b1 = ff | ff tt := rfl
Reid Barton (Apr 06 2020 at 17:52):
Okay so in fact Lean had a totally different interpretation of your statement.
The equivalent of Agda's || is Lean's bor as Johan wrote earlier. Not ∨.
Kevin Buzzard (Apr 06 2020 at 17:52):
rfl proofs X = X and you want to prove X -> X
Kevin Buzzard (Apr 06 2020 at 17:52):
But you are not using the correct "or" operator for bool so nothing will work
Phiroc (Apr 06 2020 at 17:52):
I'll try bor.
Kevin Buzzard (Apr 06 2020 at 17:52):
you're using the or which works on Propositions, not on booleans.
Bryan Gin-ge Chen (Apr 06 2020 at 17:53):
You should be able to use || for bor since it's declared as notation in the core library.
Reid Barton (Apr 06 2020 at 17:55):
Phiroc said:
This doesn't work either:
theorem or_eqv_ff1 : ∀{b1 b2}, b1 ∨ b2 = ff → b1 = ff | ff tt := rfl
Now you are matching b2, but you still have to match the third argument too :slight_smile:
Reid Barton (Apr 06 2020 at 17:56):
I'm not sure how many of verified functional programming, Agda, and Lean are new to you, but if it's more than one, what you are trying to do sounds very difficult.
Reid Barton (Apr 06 2020 at 17:56):
I mean reading the book and translating it into Lean generally, not proving or_eqv_ff1 in particular.
Phiroc (Apr 06 2020 at 17:57):
I managed to make the first pattern-match work!
theorem or_eqv_ff1 : ∀{b1 b2}, bor b1 b2 = ff → b1 = ff | ff tt p := rfl
Reid Barton (Apr 06 2020 at 17:58):
By "match", I didn't necessarily mean you have to split into two cases for tt and ff--you can put a variable b2 there, or _.
Mario Carneiro (Apr 06 2020 at 17:58):
theorem or_eqv_ff1 : ∀{b1 b2}, b1 || b2 = ff → b1 = ff | ff _ _ := rfl
Mario Carneiro (Apr 06 2020 at 17:59):
I think you don't have to match on the second argument because in lean it's defined by cases only on the first argument
Phiroc (Apr 06 2020 at 17:59):
Why do you need p (the third parameter)?
Kevin Buzzard (Apr 06 2020 at 17:59):
because you're making a function with three inputs
Reid Barton (Apr 06 2020 at 18:00):
Try #check or_eqv_ff1 now that you proved it (or at least came close enough)
Mario Carneiro (Apr 06 2020 at 18:01):
You could write this:
theorem or_eqv_ff1 : ∀{b1 b2}, b1 || b2 = ff → b1 = ff | ff _ := λ _, rfl
but now lean complains that the match is nonexhaustive. What's happening is that lean is actually matching on the third argument (the proof) in all the impossible cases to prove they are impossible, and if you take it out of the match then lean requires branches for both ff and tt
Phiroc (Apr 06 2020 at 18:01):
theorem or_eqv_ff1 : ∀{b1 b2}, bor b1 b2 = ff → b1 = ff | ff _ _ := rfl | absurd
Phiroc (Apr 06 2020 at 18:01):
... but it doesn't check :-(
Kevin Buzzard (Apr 06 2020 at 18:02):
Did you read the error?
Mario Carneiro (Apr 06 2020 at 18:02):
You can explicitly prove the absurd cases like this:
theorem or_eqv_ff1 : ∀{b1 b2}, b1 || b2 = ff → b1 = ff | ff _ := λ _, rfl | tt _ := λ h, false.elim (bool.ff_ne_tt h.symm)
Mario Carneiro (Apr 06 2020 at 18:03):
| absurd is not valid syntax
Kevin Buzzard (Apr 06 2020 at 18:03):
absurd here means "let b1 be absurd"
Kevin Buzzard (Apr 06 2020 at 18:03):
I think you have bitten off more than you can chew. Do you know about pattern matching in general?
Reid Barton (Apr 06 2020 at 18:03):
If you want to write Lean then I think it will be much easier to start with a book that teaches Lean.
Kevin Buzzard (Apr 06 2020 at 18:04):
https://leanprover.github.io/theorem_proving_in_lean/inductive_types.html
Phiroc (Apr 06 2020 at 18:04):
I've done a bit of Idris programming.
Kevin Buzzard (Apr 06 2020 at 18:05):
Why don't you read a Lean book? Then all the proofs in the book will work
Reid Barton (Apr 06 2020 at 18:05):
If you want to read these languages then you can get by with knowledge from a similar language but writing is a different matter.
Kevin Buzzard (Apr 06 2020 at 18:05):
https://github.com/blanchette/logical_verification_2020/raw/master/hitchhikers_guide.pdf
Mario Carneiro (Apr 06 2020 at 18:06):
that link isn't working for me btw, did Jasmin break it with a recent update?
Kevin Buzzard (Apr 06 2020 at 18:06):
wgetting it works fine for me
Johan Commelin (Apr 06 2020 at 18:07):
@Mario Carneiro you are probably using a fancy browser... You should browse the web RMS style :stuck_out_tongue_wink:
Phiroc (Apr 06 2020 at 18:08):
I'll go throught the books. Many thanks.
Kevin Buzzard (Apr 06 2020 at 18:09):
Ask if you don't follow something in the books. Theorem Proving In Lean is an excellent place to start for someone with a computer science background.
Last updated: Dec 20 2023 at 11:08 UTC