Zulip Chat Archive
Stream: Type theory
Topic: Metamathematics in lean 4
Mario Carneiro (May 02 2021 at 17:05):
What is your use case?
Mac (May 02 2021 at 17:05):
I am writing a metalogic in Lean 4.
Mac (May 02 2021 at 17:06):
Each logic thus has its own Prop type (and thus possibly its own definition of equality).
Mario Carneiro (May 02 2021 at 17:06):
Okay, that's been done in lean 3 and it doesn't require eliminating =
Mario Carneiro (May 02 2021 at 17:07):
You can overload the syntax if you really want to, but I wouldn't recommend it
Mario Carneiro (May 02 2021 at 17:07):
because you need that equality for metatheory reasoning
Mac (May 02 2021 at 17:07):
So what, you want to always write L |- eq a b instead of the cleaner L |- a = b?
Mario Carneiro (May 02 2021 at 17:07):
no, I would use some other = like symbol
Mario Carneiro (May 02 2021 at 17:08):
I think flypitch used \simeq
Mac (May 02 2021 at 17:08):
But, it is equality?
Mario Carneiro (May 02 2021 at 17:08):
No it's not equality
Mario Carneiro (May 02 2021 at 17:08):
it's provable equivalence in the theory
Mario Carneiro (May 02 2021 at 17:08):
equality is equality of terms which is something else
Mac (May 02 2021 at 17:08):
Which is what Lean's Eq is: provable equivalence in Lean's theory?
Mario Carneiro (May 02 2021 at 17:09):
Lean is the metatheory
Mario Carneiro (May 02 2021 at 17:09):
your logic is the theory
Mac (May 02 2021 at 17:09):
I am aware?
Mario Carneiro (May 02 2021 at 17:09):
You can only say that Eq is not true equality if you can step outside lean, which only works inside tactics and such
Mario Carneiro (May 02 2021 at 17:10):
if you are doing mathematics in lean then Eq is equality
Mac (May 02 2021 at 17:10):
Maybe you and I have different ideas of what qualifies as "true equality"
Mario Carneiro (May 02 2021 at 17:10):
It depends on the metalogic we are working in
Mac (May 02 2021 at 17:10):
Honestly, I am not even sure I agree that there is a "true equality" (except maybe identity -- and Lean's equality is most certainly not that)
Mario Carneiro (May 02 2021 at 17:11):
identity is just another word for equality
Mac (May 02 2021 at 17:11):
I disagree?
Mario Carneiro (May 02 2021 at 17:11):
Lean's equality is equality in the mathematical sense, provided we are not doing lean metatheory
Mac (May 02 2021 at 17:12):
No its not? Considering that defeq and Eq are not synonymous?
Mario Carneiro (May 02 2021 at 17:12):
if we are using lean as a metatheory for another logic then that logic has provable equivalence and lean has equality
Mario Carneiro (May 02 2021 at 17:12):
defeq is a metatheoretic notion
Mac (May 02 2021 at 17:13):
But as a result Lean's Eq does not satisfying the axioms of logical equality over Lean programs
Mario Carneiro (May 02 2021 at 17:13):
Huh?
Mario Carneiro (May 02 2021 at 17:13):
Eq certainly does satisfy the axioms of equality
Mario Carneiro (May 02 2021 at 17:13):
because we axiomatize it to be so
Mac (May 02 2021 at 17:14):
within proofs, yes, but not within Lean as a whole.
Mario Carneiro (May 02 2021 at 17:15):
I'm not sure what that means. In lean's logic, Eq is equality
Mac (May 02 2021 at 17:15):
A theory with logical equality should not be able (within the theory) to distinguish between two equal terms
Mac (May 02 2021 at 17:15):
Lean can, thus its Eq is not exactly true equality -- but I think you are said that when you were talking about tactics.
Mario Carneiro (May 02 2021 at 17:16):
How can it?
Mac (May 02 2021 at 17:16):
tactics can distinguish between defeq and Eq terms?
Mac (May 02 2021 at 17:17):
I feel like we are going very deep on a tangent that I am not sure is that important.
Mario Carneiro (May 02 2021 at 17:17):
tactics work in meta-lean, they can see distinctions that lean can't just as lean can see differences between provably equal terms in your logic
Mac (May 02 2021 at 17:18):
Mario Carneiro said:
tactics work in meta-lean, they can see distinctions that lean can't just as lean can see differences between provably equal terms in your logic
What do you consider to be Lean? I would certainly consider tactics part of Lean.
Mario Carneiro (May 02 2021 at 17:18):
I mean the lean logic
Mac (May 02 2021 at 17:18):
After all, you can prove things about them within Lean.
Mac (May 02 2021 at 17:19):
So there are two Lean logics then in your view? The Lean metalogic (used in tactics) and the Lean logic (where Eq is logical equality)?
Mario Carneiro (May 02 2021 at 17:19):
Eh, things get complicated if you do that. It's true that lean's tactics are expressed in lean's logic, but there are unverified bits performing the reflection, compilation and such
Mario Carneiro (May 02 2021 at 17:20):
It's certainly easiest to view them as entirely separate systems
Mac (May 02 2021 at 17:20):
Yes, but in Lean 4, all that is now writing in Lean, and can be dealt with in Lean proper.
Mario Carneiro (May 02 2021 at 17:20):
The fact that lean 4 is implemented in lean is incidental to this discussion
Mac (May 02 2021 at 17:21):
In fact isn't one of the main long-term goals of Lean 4 to verify Lean's parser/compiler in Lean?
Mario Carneiro (May 02 2021 at 17:21):
The lean kernel is not implemented in lean (yet)
Mario Carneiro (May 02 2021 at 17:22):
I don't know about that... I've suggested as much before but it seems that the developers have no intention of doing that themselves (although I think they would be fine with someone else doing it)
Mario Carneiro (May 02 2021 at 17:22):
Certainly partial is one roadblock to doing that in today's lean 4
Mac (May 02 2021 at 17:23):
Well yes, but that is partly due to the limitations of well-founded recursion in current Lean 4.
Mac (May 02 2021 at 17:23):
Also, so is the Lean logic (in your view) that which is verified by the kernel? Though, aren't tactics verified by the kernel too? After all, it verifies proofs.
Mario Carneiro (May 02 2021 at 17:24):
Yes, and yes (although calling tactics "verified by the kernel" is a bit of a stretch - they are typechecked)
Mario Carneiro (May 02 2021 at 17:26):
As an analogue, perhaps it helps to consider that peano arithmetic is a logic that is capable of talking about other logics, including peano arithmetic. It can serve as its own metalogic
Mario Carneiro (May 02 2021 at 17:26):
lean is doing something similar when you talk about lean tactics being objects in lean's logic
Mario Carneiro (May 02 2021 at 17:27):
But it is best to keep them separate, name them PA(meta) and PA(object) if you need to
Mario Carneiro (May 02 2021 at 17:28):
Perhaps "identity" and "equality" for you mean meta-= vs object-=
Mario Carneiro (May 02 2021 at 17:29):
When writing mathematics in lean, I treat lean as the object logic and mostly ignore the meta lean stuff except insofar as it affects proof construction techniques (i.e. what tactics to call)
Mac (May 02 2021 at 17:30):
"identity" for me means syntactic equality, but that is a fair alternative definition,
Mac (May 02 2021 at 17:30):
Mario Carneiro said:
When writing mathematics in lean, I treat lean as the object logic and mostly ignore the meta lean stuff except insofar as it affects proof construction techniques (i.e. what tactics to call)
That is a fair approach. It is simply not mine.
Mario Carneiro (May 02 2021 at 17:31):
When doing metamathematics in lean, it gets one step more complicated because we also get theory T and lean(object) is the metatheory for T
Mac (May 02 2021 at 17:32):
I treat Lean more as the basic system by which to express my notions. I actually try to avoid Lean Eq as it destroys syntactic equality which is what I want to try to keep as my background equality.
Mario Carneiro (May 02 2021 at 17:32):
For example, one place where Eq would come up when doing metamathematics is in defining substitution, which is an operation on terms
Mario Carneiro (May 02 2021 at 17:33):
you might have a theorem that says (P x)[a -> b] = P[a -> b] x[a -> b] where = is lean's =
Mario Carneiro (May 02 2021 at 17:35):
Equality comes up in a few places when defining proof rules. For example modus ponens, |- P => |- P -> Q => |- Q, is asserting equality between the two instances of P
Mario Carneiro (May 02 2021 at 17:35):
not equality in the theory, "syntactic equality", which since lean is the metatheory means Eq
Mac (May 02 2021 at 17:36):
Mario Carneiro said:
not equality in the theory, "syntactic equality", which since lean is the metatheory means
Eq
With all the macros and parsers, this is no longer entirely true.
Mario Carneiro (May 02 2021 at 17:36):
the macros and parsers don't matter for this
Mario Carneiro (May 02 2021 at 17:36):
they are all meta-lean
Mario Carneiro (May 02 2021 at 17:37):
we're using lean to write the proof theory for some axiom system T here
Mario Carneiro (May 02 2021 at 17:38):
meta-lean is only there to help us automate the construction of the inductive types defining provability and so on
Mac (May 02 2021 at 17:38):
Also how does " For example modus ponens, |- P => |- P -> Q => |- Q, is asserting equality between the two instances of P" hold. Modus Ponens is not symmetric, equality is.
Mac (May 02 2021 at 17:38):
Modus Ponens is a rewrite/reduction rule, not an equivalence rule.
Mario Carneiro (May 02 2021 at 17:39):
I'm saying that MP(h, h2) is a proof of |- Q provided h proves |- P, h2 proves |- P' -> Q, and P = P' where = is @Eq term
Mac (May 02 2021 at 17:40):
Ah
Mario Carneiro (May 02 2021 at 17:43):
as a rough sketch, that might look like this in lean:
/-- Terms of theory T -/
inductive term
| imp : term → term → term
open term
/-- Provable terms in theory T -/
inductive proof : term → Prop
| mp {P Q} : proof P → proof (imp P Q) → proof Q
example {P P' Q} (h : proof P) (h2 : proof (imp P' Q)) (e : P = P') : proof Q :=
by cases e; exact proof.mp h h2
Mac (May 02 2021 at 17:45):
That looks pretty familiar to me! XD
Considering that I am writing a metalogic in Lean, I have a definition very similar to this already.
Mario Carneiro (May 02 2021 at 17:45):
The observation I want to make here is that the = in e is lean's interpretation of "syntactic equality"
Mario Carneiro (May 02 2021 at 17:46):
if you step up a metalevel you will say "that's not syntactic equality! This is syntactic equality!" but you can keep playing that game
Mario Carneiro (May 02 2021 at 17:47):
at every level there is some = relation that the logic thinks is equality and is valid up to the rules of the logic
Mac (May 02 2021 at 17:47):
Well then there is also just real syntactic equality? What you are describing is what I would call logical equality.
Mario Carneiro (May 02 2021 at 17:48):
Again, one person's syntactic equality is another's logical equality
Mario Carneiro (May 02 2021 at 17:49):
what meta-lean thinks is syntactic equality is just logical equality in meta-meta-lean
Mac (May 02 2021 at 17:49):
No? Syntactically equality is equality of strings "a" = "a", "a" ne "b"?
Mario Carneiro (May 02 2021 at 17:50):
That looks exactly like the way logical equality of strings is defined
Mac (May 02 2021 at 17:50):
Yes within a logic
Mac (May 02 2021 at 17:51):
Syntactic equality is formal language concept, not a logical concept
Mac (May 02 2021 at 17:51):
At least in my view.
Mario Carneiro (May 02 2021 at 17:52):
Syntactic equality is formal language concept
Yes, that formal concept being equality, within the logic of the formalism itself
Mac (May 02 2021 at 17:52):
A logic can define an equality that does or does not mirror syntactic equality on the language, but that is different
Mac (May 02 2021 at 17:53):
I am curious, what is your position the philosophy of mathematics, are you a formalist or logicist (or something else)?
Mario Carneiro (May 02 2021 at 17:53):
Formalist, of course :oops:
Mac (May 02 2021 at 17:54):
? Well that makes me confused.
Mac (May 02 2021 at 17:54):
Because, afaik, formalism generally asserts that the notion of strings (and their identity) comes first before logic.
Mac (May 02 2021 at 17:54):
Which is my position
Mario Carneiro (May 02 2021 at 17:55):
Whenever you look at a logical system from a meta-perspective, all the things that used to look like "actual equality" become "equality in the theory" or what you call "logical equality", and you gain access to another more precise "actual equality", which you might call "syntactic equality"
Mario Carneiro (May 02 2021 at 17:55):
But any formal system can be meta-ified
Mac (May 02 2021 at 17:56):
My point is that there exists (imo) a notion of equality that lies outside of logic.
Mario Carneiro (May 02 2021 at 17:57):
Sure, there is some philosophical notion of equality but I would not generally admit something like "a" = "a" under that because the two a's have different positions in space
Mac (May 02 2021 at 17:57):
This notion may or may not be the concept which a given logic chooses to formalize as "equality"
Mac (May 02 2021 at 17:58):
Mario Carneiro said:
Sure, there is some philosophical notion of equality but I would not generally admit something like "a" = "a" under that because the two a's have different positions in space
Which is why the abstraction of characters and strings is need, only then can the philosophical notion bet applied. Neither of these, however, requires formal logic. At least from my formalist perspective. In fact, in my view, formal logic can only defined after these notions are grasped.
Mario Carneiro (May 02 2021 at 17:59):
Logic is a way to analyze and formalize relations and concepts we believe extra-logically
Mac (May 02 2021 at 17:59):
Formal logics can then, of course, formalize these notions within themselves.
Mario Carneiro (May 02 2021 at 18:00):
and since formal logic can be applied to any mathematical field, including itself, you get this meta business
Mac (May 02 2021 at 18:00):
Mario Carneiro said:
Logic is a way to analyze and formalize relations and concepts we believe extra-logically
That strikes me more as a statement of Logicism https://en.wikipedia.org/wiki/Logicism than Formalism https://en.wikipedia.org/wiki/Formalism_(philosophy_of_mathematics)
Mac (May 02 2021 at 18:01):
To quote from the page "In the philosophy of mathematics, formalism is the view that holds that statements of mathematics and logic can be considered to be statements about the consequences of the manipulation of strings (alphanumeric sequences of symbols, usually as equations) using established manipulation rules." (Emphasis mine)
Mario Carneiro (May 02 2021 at 18:01):
I don't disagree with that
Mario Carneiro (May 02 2021 at 18:02):
Mathematics is a game of symbols on a page
Mario Carneiro (May 02 2021 at 18:02):
or in the computer, as it were
Mac (May 02 2021 at 18:02):
As someone who considers myself a formalist more than a logicism (by these definitions) I would thus disagree with your definition of Logic.
Mac (May 02 2021 at 18:02):
Though I would also somewhat agree.
Mac (May 02 2021 at 18:03):
For me, "Reason" is closer to what you defined to be "Logic" and "Logic" is the manipulation of strings.
Mario Carneiro (May 02 2021 at 18:03):
I'm not sure it is especially productive, but I would disagree with the logicist claim that everything is or is reducible to logic. But I would agree that mathematics can be analyzed using logic
Mac (May 02 2021 at 18:04):
However, a fair alternative definition is "Logic" as you defined and "Formal Logic" as I have defined.
Mac (May 02 2021 at 18:05):
Mario Carneiro said:
I'm not sure it is especially productive, but I would disagree with the logicist claim that everything is or is reducible to logic. But I would agree that mathematics can be analyzed using logic
Logicism just claims that everything in mathematics reduces to logic (not everything in general). Do you disagree with that?
Mario Carneiro (May 02 2021 at 18:05):
depends on what "reduces to" means
Mario Carneiro (May 02 2021 at 18:06):
limiting to mathematics seems prudent
Mac (May 02 2021 at 18:07):
Mario Carneiro said:
depends on what "reduces to" means
Hence why the Wikipedia article phrases it 3 different ways: "mathematics is an extension of logic, some or all of mathematics is reducible to logic, or some or all of mathematics may be modelled in logic" XD
Mario Carneiro (May 02 2021 at 18:08):
If you rephrase something enough times it's hard to disagree with
Mac (May 02 2021 at 18:09):
Lol!
Mac (May 02 2021 at 18:11):
I think the key thrust of my point is this: I consider that abstraction of characters and strings and their identity (which I term "syntactic equality" or "identity") to be a more fundamental concept than "logic".
Mario Carneiro (May 02 2021 at 18:12):
In any case, when modelling logic in lean, that notion is Eq
Mac (May 02 2021 at 18:12):
"logic"s can (and may or may not) model these concepts but they exist (and can be conceived of) without them
Mario Carneiro (May 02 2021 at 18:12):
When viewing lean itself as a logic it is not
Mac (May 02 2021 at 18:14):
Mario Carneiro said:
In any case, when modelling logic in lean, that notion is
Eq
No. In fact Eq to a certain extent prevents the true notion of "syntactic equality" from being modelled (in my view).
Mac (May 02 2021 at 18:15):
As syntactically distinct things such as '1 + 1' and '2' can be considered Eq and can be substituted with one another in proofs (prohibiting distinction)
Mario Carneiro (May 02 2021 at 18:15):
1+1 is just a way to denote 2, says lean
Mac (May 02 2021 at 18:15):
Logical equality undermines syntactic equality.
Mario Carneiro (May 02 2021 at 18:15):
if you want 1+1 in the logic you would use term.add term.one term.one
Mario Carneiro (May 02 2021 at 18:16):
and lean will agree that this is not term.two
Mac (May 02 2021 at 18:16):
Mario Carneiro said:
1+1 is just a way to denote 2, says lean
Exactly! Thus Lean does not preserve syntactic equality (within itself).
Mario Carneiro (May 02 2021 at 18:16):
but the logic will agree that proof (prop.eq (term.add term.one term.one) term.two)
Mac (May 02 2021 at 18:16):
However, with the new metaprogramming capabilities this can be resolved by cheating in many cases.
Mario Carneiro (May 02 2021 at 18:17):
I feel like you are missing the point of mathematics, 1+1=2 is how it's supposed to work
Mario Carneiro (May 02 2021 at 18:18):
those two are the same number
Mario Carneiro (May 02 2021 at 18:18):
they aren't terms, they are two ways to write the same natural number
Mac (May 02 2021 at 18:18):
That's fine, in mathematics.
Mario Carneiro (May 02 2021 at 18:18):
yes, and lean is "mathematics" here
Mario Carneiro (May 02 2021 at 18:19):
and theory T is "the logic under study"
Mac (May 02 2021 at 18:19):
No, Lean can be much more general than that.
Mac (May 02 2021 at 18:19):
After all, it is now a general purpose programming language.
Mario Carneiro (May 02 2021 at 18:19):
But we're using it to do mathematics
Mac (May 02 2021 at 18:19):
My system is a metalogic and it needs to be able to represent logics where 1 + 1 is not exactly 2
Mac (May 02 2021 at 18:20):
They may be mathematically equal, but not equal in other ways.
Mario Carneiro (May 02 2021 at 18:20):
That requires that you use the language of the theory under study
Mac (May 02 2021 at 18:20):
Like in general programming.
Mario Carneiro (May 02 2021 at 18:20):
don't use Nat if you want that
Mac (May 02 2021 at 18:20):
Which I am not.
Mario Carneiro (May 02 2021 at 18:21):
If you have a term inductive then it is easy to make those two distinguishable
Mac (May 02 2021 at 18:21):
In computer science 1 + 1 is generally not logically equal to 2 (as one is a computation and one is a constant)
Mario Carneiro (May 02 2021 at 18:22):
I would argue that that is a meta-theoretic notion. The object language version of that is 1 + 1 == 2 and most programming languages will tell you that's true
Mac (May 02 2021 at 18:22):
Mario Carneiro said:
If you have a
terminductive then it is easy to make those two distinguishable
Yeah, and I do do something like this.
Mario Carneiro (May 02 2021 at 18:23):
Certainly compilers seem to think that 1 + 1 is interchangeable with 2
Mac (May 02 2021 at 18:23):
Mario Carneiro said:
I would argue that that is a meta-theoretic notion. The object language version of that is
1 + 1 == 2and most programming languages will tell you that's true
Yes, but when it comes to compiling/optimizing they are initially distinct.
Mario Carneiro (May 02 2021 at 18:24):
they are logically equal but syntactically different, in the language from earlier
Mac (May 02 2021 at 18:25):
The point of optimization is to pick the computational representation of two logically equivalent expressions that is more efficient (faster/less space), which requires you to be able to distinguish two logically equivalent terns.
Mario Carneiro (May 02 2021 at 18:25):
right, which works because compilers work at the meta-level with respect to the program logic
Mac (May 02 2021 at 18:26):
Correct, though, you can also do the same within a single logic by reducing the scope of equality.
Mac (May 02 2021 at 18:27):
i.e. by making mathematical equality not identical to logical equality.
Mario Carneiro (May 02 2021 at 18:28):
There are issues that crop up when you use a logic as its own metalogic. I think if the object-= and meta-= coincide it would have to be a fairly trivial logic
Mac (May 02 2021 at 18:30):
I disagree. In fact, I don't think equality is all that significant of a concept in the first place (to computation). For example, Peano arithmetic can be defined without it (or with just partial equality -- symmetric and transitive with no substitution).
Mario Carneiro (May 02 2021 at 18:30):
peano arithmetic at least lets you prove 1+1=2
Mario Carneiro (May 02 2021 at 18:31):
that theorem would fail if logical equality is exactly syntactic equality
Mac (May 02 2021 at 18:31):
For some definition of equality.
Mario Carneiro (May 02 2021 at 18:31):
for a very useful definition of equality
Mac (May 02 2021 at 18:31):
Peano equality is actually not logical equality (it does not have predicate substitution as one of its axioms).
Mac (May 02 2021 at 18:32):
It is only reflexive, transitive, and symmetric (and only for natural numbers).
Mac (May 02 2021 at 18:32):
https://en.wikipedia.org/wiki/Peano_axioms
Mac (May 02 2021 at 18:32):
It's closure property for nats is also not symmetric.
Mac (May 02 2021 at 18:33):
So if you have a = b where a is a nat and b is unknown you can't prove b is a nat.
Mac (May 02 2021 at 18:34):
With a = b, you con only prove the converse (i.e. if b is a nat, then a is a nat)
Mac (May 02 2021 at 18:35):
In fact, the lack of symmetry is why Peano arithmetic is so popular in computer science. Because its definitions really don't need symmetry.
Mac (May 02 2021 at 18:36):
They only need rewrite and joinability.
Mario Carneiro (May 02 2021 at 18:36):
PA builds on FOL, which generally has the substitution property either built in or derivable
Mac (May 02 2021 at 18:36):
Modern PA builds on FOL, original PA does not.
Mac (May 02 2021 at 18:37):
In fact, original PA is second-order.
Mario Carneiro (May 02 2021 at 18:37):
Mac said:
So if you have a = b where a is a nat and b is unknown you can't prove b is a nat.
This one is listed as number 5 on wiki
Mac (May 02 2021 at 18:37):
number 5 is the converse
Mac (May 02 2021 at 18:37):
Mac said:
With a = b, you con only prove the converse (i.e. if b is a nat, then a is a nat)
Mario Carneiro (May 02 2021 at 18:38):
equality is symmetric
Mac (May 02 2021 at 18:38):
Only for nats in PA.
Mac (May 02 2021 at 18:38):
number 3: "For all natural numbers x and y, if x = y, then y = x."
Mac (May 02 2021 at 18:38):
If b is unknown you can't use symmetry.
Mac (May 02 2021 at 18:39):
You first have prove that both sides are natural before you can use symmetry.
Mario Carneiro (May 02 2021 at 18:39):
That seems like a typo or oversight in the presentation
Mac (May 02 2021 at 18:40):
I wrote proofs of all these things to test my metalogic.
Mac (May 02 2021 at 18:40):
It works as formulated on the Wiki page.
Mario Carneiro (May 02 2021 at 18:40):
In formal treatments of this usually "is a natural number" isn't even a thing
Mario Carneiro (May 02 2021 at 18:40):
you just have all things be natural numbers
Mac (May 02 2021 at 18:41):
true, but some interesting prosperities emerge if you do it like written.
Mac (May 02 2021 at 18:42):
It also probably because PA is generally embedded in other logics rather than used on its own.
Mario Carneiro (May 02 2021 at 18:43):
Incidentally, I have been working for a while on a formal library which is based on PA; I don't know of any larger practical formal development using PA as the basis
Mac (May 02 2021 at 18:43):
Nat in Lean (and most other functional languages) is a embedding of (modern) PA?
Mario Carneiro (May 02 2021 at 18:44):
DTT is way stronger than PA
Mac (May 02 2021 at 18:44):
Yes, true
Mario Carneiro (May 02 2021 at 18:44):
I mean a formalization of the axiom system PA and its consequences
Mario Carneiro (May 02 2021 at 18:45):
yes, you can do this in lean (in principle)
Mario Carneiro (May 02 2021 at 18:45):
as far as I know no one has worked out a significant amount of mathematics in that setting
Mac (May 02 2021 at 18:45):
Well, now its done in practice.:)
Mac (May 02 2021 at 18:46):
I mostly just did it as a test of my system. I did find a lot of (what I consider to be) interesting results though.
Mario Carneiro (May 02 2021 at 18:47):
It's one thing to write the axioms and quite another to construct finite set theory in it, recursive functions, provability, and some CS stuff
Mac (May 02 2021 at 18:48):
Well yeah
Mario Carneiro (May 02 2021 at 18:48):
I would like lean 4 to get to the point that writing extended formal developments in embedded languages is easy; in lean 3 it's a pretty big ergonomic step down from regular lean proofs
Mac (May 02 2021 at 18:49):
What do you mean by an "embedded language"?
Mario Carneiro (May 02 2021 at 18:49):
like, in principle you can write tactics and things to work on the embedded language but for the most part you are starting from scratch
Mario Carneiro (May 02 2021 at 18:50):
I mean "theory T" that you are defining in lean
Mario Carneiro (May 02 2021 at 18:50):
like if you define the language and proof theory of PA and then want to prove a bazillion theorems in it because you want to prove godel incompleteness
Mario Carneiro (May 02 2021 at 18:51):
the reason for writing it in lean is so that you can also prove theorems about the system, but theorems in the system are also important
Mac (May 02 2021 at 18:51):
I think my approach is rather ergonomic to a degree. I don't know what others would think of it though. It is also in super super alpha.
Mac (May 02 2021 at 18:52):
You can more or less create one-for-one tactics.
Mario Carneiro (May 02 2021 at 18:52):
like it would be great if rw and simp could be made to work
Mac (May 02 2021 at 18:52):
I think the most annoying thing to work with though would be linear logic as you cannot reduce most things to functions any more.
Mac (May 02 2021 at 18:53):
Mario Carneiro said:
like it would be great if
rwandsimpcould be made to work
Ah, then no, you would probably not like my approach then. I avoid those two commands like the plague.
Mario Carneiro (May 02 2021 at 18:53):
Hm, makes me wonder about porting Iris to lean 4
Mario Carneiro (May 02 2021 at 18:54):
why are you avoiding them?
Mac (May 02 2021 at 18:54):
I dislike rw and simp because they hide what rules/theorems you are actually using.
Mario Carneiro (May 02 2021 at 18:55):
if you are just trying to establish provability that's usually not a big deal
Mac (May 02 2021 at 18:55):
I want my proofs to be clear (and go to definition able)
Mario Carneiro (May 02 2021 at 18:55):
plus you can use simp only or only mark things as simp lemmas that you want to elide
Mac (May 02 2021 at 18:55):
Mario Carneiro said:
if you are just trying to establish provability that's usually not a big deal
True, but that is rarely my goal.
Mac (May 02 2021 at 18:55):
I am more interested in reverse mathematics.
Mac (May 02 2021 at 18:56):
i.e. I want to know exactly what assumptions were made to get to a given proof.
Mac (May 02 2021 at 18:56):
And I want to minimize them.
Mario Carneiro (May 02 2021 at 18:56):
That's what #print axioms is for
Mario Carneiro (May 02 2021 at 18:56):
well, you have more refined mechanisms for that in a deep embedding
Mario Carneiro (May 02 2021 at 18:57):
You can literally define a function on proofs that will tell you if you used only such and such assumptions
Mac (May 02 2021 at 18:57):
I like that stuff to be explicit. Also, print axioms only works for Lean axioms not other kinds of assumptions.
Mac (May 02 2021 at 18:58):
I also would like them to be readable in isolation from the source code.
Mario Carneiro (May 02 2021 at 18:58):
If you don't want to assume something, don't assume it
Mac (May 02 2021 at 18:59):
I want my lean proofs to more-or-less work (and be readable) in a vacuum.
Mac (May 02 2021 at 19:00):
And I am pretty happy with what I have gotten working in that regard.
Mario Carneiro (May 02 2021 at 19:00):
Those are not words I would use to describe lean
Mario Carneiro (May 02 2021 at 19:02):
there are quite a lot of things that go into turning lean text into a theorem/assertion
Mac (May 02 2021 at 19:02):
Here is my proof of commutativity of PA addition:
def addNatCommProof
{P : Sort u} {T : Sort v} {L : Logic P}
{N : PNat P T} {Q : SEq P T} {A : SAdd T}
(I : NatInductionRight L N)
(NS : NatSuccNat L N.toIsNat N.toSucc)
(NA : NatAddNat L N.toIsNat A)
(QEL : EqNatLeftEuc L N.toIsNat Q)
(QtS : EqNatToEqSucc L N.toIsNat Q N.toSucc)
(A0C : AddNatZeroComm L N.toIsNat Q A N.toZero)
(ASn : AddSuccNatEqSucc L N.toIsNat Q A N.toSucc)
(AnS : AddNatSuccEqSucc L N.toIsNat Q A N.toSucc)
: (a b : T) -> (L |- nat a) -> (L |- nat b) -> (L |- a + b = b + a)
:= by
refine natInductionRight ?f0 ?fS
case f0 =>
intro a Na
exact addNatZeroComm Na
case fS =>
intro b Nb Anb_eq_Abn a Na
have NSb := natS Nb
have NAab := natAdd Na Nb; have NSAab := natS NAab;
have NAba := natAdd Nb Na; have NSAba := natS NAba
have NASba := natAdd NSb Na; have NASab := natAdd Na NSb
apply eqNatLeftEuc NSAab NASab NASba
exact addNatSuccEqSucc Na Nb
apply eqNatLeftEuc NSAba NASba NSAab
exact addSuccNatEqSucc Nb Na
apply eqNatToEqSucc NAab NAba
exact Anb_eq_Abn a Na
I still think it needs some refinement, but I like the general structure (and notation).
Mac (May 02 2021 at 19:03):
I do want to try to automate the nat proofs though.
Mario Carneiro (May 02 2021 at 19:05):
I'm not so sure about "readable in a vaccum" from this end
Mario Carneiro (May 02 2021 at 19:05):
have/apply/exact is not a great recipe for proofs that can be read offline
Mac (May 02 2021 at 19:06):
True
Mac (May 02 2021 at 19:06):
I do think my current orientation is more for reading in an editor sadly (with the goal info view).
Mac (May 02 2021 at 19:07):
My point here was mostly to demonstrate what I mean by making assumption/inference rules explicit
Mac (May 02 2021 at 19:08):
I think that part at least is readable in a vacuum.
Mario Carneiro (May 02 2021 at 19:08):
I would have preferred to see the actual statements rather than AddNatZeroComm
Mac (May 02 2021 at 19:12):
That's fair. My approach to that is one of things I want to fine. Though the actual statement approach can get a little verbose, and makes synthesizing derivative statements impossible (the reason they are written like this is to make them type classes).
Mario Carneiro (May 02 2021 at 19:12):
why aren't they in square brackets then?
Mac (May 02 2021 at 19:13):
Because they aren't being synthesized.
Mario Carneiro (May 02 2021 at 19:14):
I think that it would be better to just have a #print axioms like approach here, since listing the axioms on every theorem will get repetitive (for you and your readers)
Mario Carneiro (May 02 2021 at 19:14):
just add the ability to query the axioms used by any theorem
Mac (May 02 2021 at 19:15):
That's fair. I just personally don't like that approach myself (though I will admit adding the axioms to every theorem can be tiresome).
Mario Carneiro (May 02 2021 at 19:16):
For example, this metamath theorem is a proof of commutativity of and, and in the axiom list it says it depends on ax-1, ax-2, ax-3, ax-mp, and definitions df-bi, df-an
Mac (May 02 2021 at 19:16):
Though, also, I am not sure how I would do that.
Mario Carneiro (May 02 2021 at 19:16):
it's much easier for the computer to collect and organize this information, and it doesn't prevent the proof author from optimizing it
Mario Carneiro (May 02 2021 at 19:17):
In principle #print axioms does the same thing but because most of the DTT axioms aren't listed it has limited usefulness
Mac (May 02 2021 at 19:18):
I don't think Lean has a way of automatically inferring hypotheses though?
Mario Carneiro (May 02 2021 at 19:19):
No, they aren't hypotheses here, just axioms/theorems
Mac (May 02 2021 at 19:19):
They are hypotheses.
Mario Carneiro (May 02 2021 at 19:19):
In your version they are, but they can be set up as axioms
Mario Carneiro (May 02 2021 at 19:19):
and then you can track the usage of those axioms
Mac (May 02 2021 at 19:19):
How so?
Mac (May 02 2021 at 19:20):
They are attached to a specific logic.
Mac (May 02 2021 at 19:20):
They don't hold in a vacuum
Mario Carneiro (May 02 2021 at 19:20):
Yeah, the logic contains constructors for all the axioms
Mario Carneiro (May 02 2021 at 19:20):
like the proof inductive I showed earlier
Mac (May 02 2021 at 19:20):
no it does not
Mac (May 02 2021 at 19:20):
Not in my system
Mario Carneiro (May 02 2021 at 19:20):
which has a constructor for mp
Mac (May 02 2021 at 19:21):
In fact, many of the inference rules I have cannot be written DTT.
Mario Carneiro (May 02 2021 at 19:21):
??
Mac (May 02 2021 at 19:21):
as part of an inductive type
Mario Carneiro (May 02 2021 at 19:21):
I don't believe you :P
Mac (May 02 2021 at 19:21):
For example by conditional proof, ((L |- p) -> (L |- q)) -> (L |- p -> q)
Mario Carneiro (May 02 2021 at 19:22):
That's fine
Mac (May 02 2021 at 19:22):
If L was an inductive type this could not be written like that.
Mario Carneiro (May 02 2021 at 19:22):
well, actually it won't have the right effect
Mario Carneiro (May 02 2021 at 19:22):
that's not how imp introduction works
Mario Carneiro (May 02 2021 at 19:23):
The reason that doesn't work is that if p is independent then that proof rule says that p is false
Mac (May 02 2021 at 19:23):
Yes that is how conditional proof works (the mp was a typo).
Mario Carneiro (May 02 2021 at 19:24):
The right way to write it is (L, p |- q) => (L |- p -> q)
Mario Carneiro (May 02 2021 at 19:24):
basically you need the context to be an explicit part of the provability judgment
Mario Carneiro (May 02 2021 at 19:24):
at least, if you want gentzen style imp introduction rules
Mac (May 02 2021 at 19:24):
Mario Carneiro said:
The reason that doesn't work is that if p is independent then that proof rule says that p is false
What do you mean by this?
Mac (May 02 2021 at 19:25):
Mario Carneiro said:
The right way to write it is
(L, p |- q) => (L |- p -> q)
I also don't know what that notation is meant to say.
Mario Carneiro (May 02 2021 at 19:26):
Suppose p is neither provable nor disprovable. Then L |- p is false, so L |- p -> L |- false is true, so L |- (p -> false) by your proof rule and so p is provably false. Thus every statement is provable or disprovable in the logic
Mac (May 02 2021 at 19:27):
"Suppose p is neither provable nor disprovable." That would mean that neither L |- p or (L |- p) -> False hold.
Mario Carneiro (May 02 2021 at 19:28):
No, It means that not (L |- p) and not (L |- not p)
Mac (May 02 2021 at 19:29):
L |- P is not (necessarily) a Prop
Mario Carneiro (May 02 2021 at 19:29):
doesn't really matter, use -> False if you like
Mac (May 02 2021 at 19:29):
L |- not p is not (necessarily) well-formed
Mac (May 02 2021 at 19:29):
That requires the language of L to have a not
Mario Carneiro (May 02 2021 at 19:30):
Okay... I am indeed making some bare minimum assumptions on the logic here
Mario Carneiro (May 02 2021 at 19:30):
if the logic doesn't have a false then perhaps it's not inconsistent if only because you can't express it
Mac (May 02 2021 at 19:30):
The logic is initially devoid of any rules and the prop is initially devoid of any syntax.
Mario Carneiro (May 02 2021 at 19:32):
Mac said:
Mario Carneiro said:
The right way to write it is
(L, p |- q) => (L |- p -> q)I also don't know what that notation is meant to say.
I'm not sure what L is, so let's add a context G, which is a list or set of formulas. The proof inductive is L, G |- p, and means that if we assume the formulas G then p follows. So in particular L, G |- p if p \in G. Then, the implication introduction rule is (L, p::G |- q) -> (L, G |- p -> q)
Mac (May 02 2021 at 19:33):
But yes with conditional proof, if I have (L |- p) -> False then L |- p -> q for all q. I don't see why that is a problem.
Mario Carneiro (May 02 2021 at 19:34):
Because you are lifting metalogical falsity into the logic
Mario Carneiro (May 02 2021 at 19:34):
That says "if p is not provable then p is disprovable"
Mario Carneiro (May 02 2021 at 19:34):
which is a very strong assumption
Mario Carneiro (May 02 2021 at 19:35):
in particular it is false for PA and ZFC and every other reasonable first order logic
Mac (May 02 2021 at 19:35):
If one wants a weaker assumption, feel free to use a weaker rule. But that, at least, is how I view the conditional proof rule to work.
Mac (May 02 2021 at 19:41):
If I can prove that (L |- p) does not hold, I can with the law of excluded middle, prove (L |- ~p) in most FO logic.
Mario Carneiro (May 02 2021 at 19:41):
The proof that L |- p does not hold is happening in the metalogic here
Mario Carneiro (May 02 2021 at 19:42):
for example, Godel's unprovable sentence
Mario Carneiro (May 02 2021 at 19:42):
It's not that the logic proves not p
Mario Carneiro (May 02 2021 at 19:42):
it is that the metalogic proves that L |- p is false, i.e. axiom system L does not prove p
Mario Carneiro (May 02 2021 at 19:43):
the law of excluded middle says L |- (p \/ ~p)
Mac (May 02 2021 at 19:43):
Incompleteness would be ((L |- p) \/ (L |- ~p) -> False), right? Not for a given p, (L |- p) -> False, correct?
Mario Carneiro (May 02 2021 at 19:44):
Yes. The first one says p is independent, and the second one says that p is not provable
Mario Carneiro (May 02 2021 at 19:44):
independent just means that neither p nor not p is provable
Mario Carneiro (May 02 2021 at 19:45):
but your axiom is essentially declaring that there are no independent sentences, which is also known as (syntactic) completeness
Mac (May 02 2021 at 19:47):
So it is saying that it implies that independence implies inconsistency, right?
Mario Carneiro (May 02 2021 at 19:47):
and Godel proved that such a system is inconsistent if it can handle basic arithmetic
Mac (May 02 2021 at 19:47):
Well, that is only true if the logical also includes FOL
Mario Carneiro (May 02 2021 at 19:47):
yes
Mac (May 02 2021 at 19:47):
If the metalogic is FOL (or DTT i.e. Lean), and the logic is just arithmatic that does not hold.
Mario Carneiro (May 02 2021 at 19:48):
there are complete axiom systems that are not strong enough for basic arithmetic
Mario Carneiro (May 02 2021 at 19:48):
but if it is strong enough to run godel's argument then it is inconsistent
Mario Carneiro (May 02 2021 at 19:51):
take a look at https://en.wikipedia.org/wiki/Proof_sketch_for_G%C3%B6del%27s_first_incompleteness_theorem to see whether your logic is weak enough; as long as it doesn't have FOL quantifiers or multiplication isn't total or something like that you might be able to get out of the issue
Mac (May 02 2021 at 19:51):
My point is that if you split the logic you can avoid that in many cases. For example, my fragment of PA is complete because only the equations and nat membership are statements in the logic. (It lacks quantifiers and propositional logical.)
Mac (May 02 2021 at 19:51):
Because all that is handled by the metalogic.
Mario Carneiro (May 02 2021 at 19:52):
If there are no quantifiers, then just have "all true sentences" as your axiom system and this is complete (and decidable)
Mac (May 02 2021 at 19:52):
Exactly
Mario Carneiro (May 02 2021 at 19:53):
in that case the L |- is just window dressing though
Mac (May 02 2021 at 19:54):
How so?
Mario Carneiro (May 02 2021 at 19:54):
you can prove L |- x = y <-> eval x = eval y more or less
Mac (May 02 2021 at 19:55):
Well I might not be able to evaluate x and y in the metalogic though by default.
Mario Carneiro (May 02 2021 at 19:55):
that's what I mean when I say it's decidable
Mario Carneiro (May 02 2021 at 19:55):
you can just lift the expressions into the metalogic
Mario Carneiro (May 02 2021 at 19:56):
you need some assumptions about plus and times
Mario Carneiro (May 02 2021 at 19:56):
but the ones in your sample proof should be close to all you need
Mac (May 02 2021 at 19:57):
Wait, but L is only a subset of the things provable in the metalogic.
Mario Carneiro (May 02 2021 at 19:57):
You will need to assume L is consistent for the reverse implication
Mac (May 02 2021 at 19:58):
like if I have (L |- 3 = 2) that does not mean that 3 = 2 in the metalogic.
Mario Carneiro (May 02 2021 at 19:58):
It does, if L is consistent
Mac (May 02 2021 at 19:58):
no it doesn't
Mario Carneiro (May 02 2021 at 19:58):
you might need something equivalent to not equal or less than in the logic
Mac (May 02 2021 at 19:58):
If I literally I have one axiom in I L, i.e L |- 3 = 2, that does not prove anything about 3 = 2 in the metalogic.
Mario Carneiro (May 02 2021 at 19:59):
normally you would be able to combine that with other axioms of L to prove L is inconsistent
Mario Carneiro (May 02 2021 at 19:59):
so if L is consistent then 3 = 2
Mac (May 02 2021 at 19:59):
consistency does not prove anything about the metalogic.
Mac (May 02 2021 at 20:00):
All consistency says is the ((p : P) -> (L |- p) /\ (L |- ~p) -> False)
Mario Carneiro (May 02 2021 at 20:01):
If L is consistent, and L |- 3 = 2, then (by using other axioms) L |- False and so L is inconsistent, contradiction, thus 3 = 2
Mario Carneiro (May 02 2021 at 20:01):
I'm assuming here that L is enough like PA that we can prove that L |- 3 != 2
Mac (May 02 2021 at 20:02):
If I have a logic with the propositions 3 = 2 ~(3 = 2) and the axiom L |- 3 = 2 that logic is both complete and consistent and says nothing about 3 = 2 in the metalogic
Mario Carneiro (May 02 2021 at 20:03):
You can use PA's other axioms to prove that 3 != 2
Mac (May 02 2021 at 20:03):
I am not talking about PA, I am just talking about some random logic L
Mario Carneiro (May 02 2021 at 20:04):
I'm talking about a random logic L with enough structure to run these arguments
Mac (May 02 2021 at 20:04):
That is sufficient structure.
Mac (May 02 2021 at 20:04):
A logic can be empty, it does not need proposition or rules.
Mario Carneiro (May 02 2021 at 20:05):
Okay but then you can't prove anything about it
Mario Carneiro (May 02 2021 at 20:05):
your earlier example had loads of assumptions about the logic
Mario Carneiro (May 02 2021 at 20:05):
I'm using those assumptions, more or less
Mac (May 02 2021 at 20:05):
Mac said:
If I have a logic with the propositions
3 = 2~(3 = 2)and the axiomL |- 3 = 2that logic is both complete and consistent and says nothing about3 = 2in the metalogic
The logic here is a valid logic with 2 propositions and 1 axiom and is complete and consistent.
Mario Carneiro (May 02 2021 at 20:05):
yes
Mario Carneiro (May 02 2021 at 20:06):
I'm talking about a logic with at least x + 0 = x and x + s y = s (x+y)
Mac (May 02 2021 at 20:06):
Yeah but the PA fragment used to prove the semiring properities doesn't even need negation.
Mac (May 02 2021 at 20:06):
So it is trivially consistent
Mario Carneiro (May 02 2021 at 20:06):
If you add 3 = 2 to such a theory then you will get x = y for all x, y
Mario Carneiro (May 02 2021 at 20:06):
which is the nearest equivalent to inconsistency
Mac (May 02 2021 at 20:07):
Yes, if you add that to axiom list
Mario Carneiro (May 02 2021 at 20:07):
so if we assume that it is not inconsistent in that sense, then we will indeed have L |- x = y -> eval x = eval y
Mario Carneiro (May 02 2021 at 20:08):
and the converse is trivial by reflexivity
Mac (May 02 2021 at 20:08):
actually no, L |- S 0 = 1 in PA, but S 0 = 1 is not true in the metalogic (Lean).
Mario Carneiro (May 02 2021 at 20:08):
eval x = eval y
Mac (May 02 2021 at 20:09):
there is no eval (S 0) in the metalogic.
Mario Carneiro (May 02 2021 at 20:09):
the right side equality is equality in Nat
Mario Carneiro (May 02 2021 at 20:09):
there is, it's pretty easy to define
Mac (May 02 2021 at 20:09):
Yes, if I define S and 0 and 1 as there Nat counterparts true.
Mac (May 02 2021 at 20:10):
but if I define them all as separate terms, then no.
Mario Carneiro (May 02 2021 at 20:10):
the idea here is to turn any provability question L |- x = y into a statement eval x = eval y that we can just evaluate in lean
Mac (May 02 2021 at 20:10):
i.e.
inductive term
| zero : term
| one : term
| succ : term -> term
Mario Carneiro (May 02 2021 at 20:11):
def eval : term -> Nat
| term.zero => 0
| term.one => 1
| term.succ x => eval x + 1
Mac (May 02 2021 at 20:12):
Well, yes because PA is embedded in Lean I can create an isomorphism between it and Lean, obviously.
Eric Wieser (May 02 2021 at 20:12):
Mario, your eval is not injective
Mario Carneiro (May 02 2021 at 20:13):
it's not supposed to be
Mac (May 02 2021 at 20:13):
Mac said:
Well, yes because PA is embedded in Lean I can create an isomorphism between it and Lean, obviously.
But that isomorphism does exist organically.
Mario Carneiro (May 02 2021 at 20:13):
it's supposed to translate L-provably equal terms into equal natural numbers
Mario Carneiro (May 02 2021 at 20:15):
Mac said:
Well, yes because PA is embedded in Lean I can create an isomorphism between it and Lean, obviously.
Not obviously: That only holds for the decidable fragment. If I use PA in place of L, then that will not be true for many quantified statements
Mario Carneiro (May 02 2021 at 20:16):
for example PA |- Con(PA) is false but Con(PA) is true (in lean)
Mac (May 02 2021 at 20:16):
I meant the PA fragment we were discussing.
Mario Carneiro (May 02 2021 at 20:16):
Without quantifiers, the logic becomes a roundabout way of talking about Nat
Mario Carneiro (May 02 2021 at 20:17):
that was my point
Mac (May 02 2021 at 20:17):
Okay, and that is a problem why?
Mario Carneiro (May 02 2021 at 20:17):
well, L doesn't contribute much in that case
Mac (May 02 2021 at 20:17):
well it is more limited than Nat
Mac (May 02 2021 at 20:17):
At least my fragment is
Mario Carneiro (May 02 2021 at 20:18):
Does your fragment have the axioms needed to establish the theorem I mentioned?
Mac (May 02 2021 at 20:18):
For example with my semiring fragment you can't prove 0 = 1 or 0 \ne 1
Mario Carneiro (May 02 2021 at 20:18):
but you can prove that 0 = 1 -> x = y
Mario Carneiro (May 02 2021 at 20:19):
which seems like basically the same as 0 \ne 1
Mac (May 02 2021 at 20:19):
Mario Carneiro said:
but you can prove that 0 = 1 -> x = y
How?
Mac (May 02 2021 at 20:19):
You can only prove that (L |- x = y) -> (eval x = eval y) for your eval
Mac (May 02 2021 at 20:20):
You can't prove eval x = eval y -> (L |- x = y)
Mario Carneiro (May 02 2021 at 20:20):
That should be the easy direction
Mac (May 02 2021 at 20:20):
My fragment lacks reflexivity
Mario Carneiro (May 02 2021 at 20:21):
ah... what
Mario Carneiro (May 02 2021 at 20:21):
ok then
Mario Carneiro (May 02 2021 at 20:21):
do you have 0 = 0?
Mac (May 02 2021 at 20:21):
no
Mac (May 02 2021 at 20:21):
That is not necessary for the semiring proofs
Mario Carneiro (May 02 2021 at 20:22):
do you have symmetry and transitivity?
Mario Carneiro (May 02 2021 at 20:22):
and 0 + 0 = 0
Mac (May 02 2021 at 20:22):
only transitivity and left euclideanness
Mario Carneiro (May 02 2021 at 20:22):
left euclidean implies transitive and symmetric
Mac (May 02 2021 at 20:22):
no it does not.
Mac (May 02 2021 at 20:22):
transitive and symmetric does imply left euclidean though
Mario Carneiro (May 02 2021 at 20:23):
do you have x + 0 = x?
Mac (May 02 2021 at 20:23):
yes
Mario Carneiro (May 02 2021 at 20:24):
then by left euclidean you have reflexivity
Mac (May 02 2021 at 20:24):
How?
Mario Carneiro (May 02 2021 at 20:24):
x + 0 = x and x + 0 = x so x = x
Mac (May 02 2021 at 20:25):
left euclidean, not right euclidean
Mac (May 02 2021 at 20:25):
x + 0 = x and x + 0 = x so x + 0 = x + 0
Mac (May 02 2021 at 20:28):
Furthermore, even if I had (L |- x = y) <-> eval x = eval y that does not prove that (L |- ~(x \ne y)) <-> (eval x \ne eval y), right or even ((L |- x = y) -> False) <-> ((eval x = eval y) -> False) (because Lean is intuitionistic)?
Mario Carneiro (May 02 2021 at 20:29):
Nat equality is decidable (also Lean is pretty classical)
Mario Carneiro (May 02 2021 at 20:30):
the last one is just not_congr applied to the first
Mac (May 02 2021 at 20:33):
Mario Carneiro said:
the last one is just
not_congrapplied to the first
Ah, but does it matter that (L |- x = y) is not necessarily a prop?
Mario Carneiro (May 02 2021 at 20:33):
not really, except that <-> doesn't apply to non-props
Mario Carneiro (May 02 2021 at 20:33):
just substitute L |- p = q with nonempty (L |- p = q)
Mac (May 02 2021 at 20:34):
Also, now that I think about it how do you even get (L |- x = y) -> eval x = eval y
Mac (May 02 2021 at 20:34):
how do you get from (L |- 0 = 0) to eval 0 = eval 0?
Mario Carneiro (May 02 2021 at 20:34):
That was the argument by inconsistency I mentioned
Mario Carneiro (May 02 2021 at 20:34):
That one is easy, ignore the proof
Mario Carneiro (May 02 2021 at 20:34):
0 = 0 is true
Mac (May 02 2021 at 20:35):
Oops, dumb me XD
Mac (May 02 2021 at 20:36):
how do you get from (L |- S 0 = 1) to eval (S 0) = eval 1
Mario Carneiro (May 02 2021 at 20:36):
That one is also true
Mario Carneiro (May 02 2021 at 20:36):
it's true by rfl
Mac (May 02 2021 at 20:36):
How so?
Mario Carneiro (May 02 2021 at 20:36):
This is where eric's observation that eval is not injective comes in
Mac (May 02 2021 at 20:36):
Remember that 0, S, and 1 are members of some arbitrary type P
Mac (May 02 2021 at 20:37):
sure, you gave an example of eval for one possible P
Mac (May 02 2021 at 20:37):
But you would need an eval instance of every possible type P
Mac (May 02 2021 at 20:37):
that has 0, S, and 1 instances
Mario Carneiro (May 02 2021 at 20:38):
In that generality it requires more assumptions: specifically, it only holds for terms built from 0, S, 1, and only if 0, S, 1 are distinct
Mac (May 02 2021 at 20:39):
what "it" requires more assumptions?
Mac (May 02 2021 at 20:39):
eval?
Mario Carneiro (May 02 2021 at 20:39):
In order to define eval, you need those assumptions
Mario Carneiro (May 02 2021 at 20:39):
and the theorem about eval that I mentioned only holds on those terms
Mac (May 02 2021 at 20:40):
So, i.e. the point of L
Mario Carneiro (May 02 2021 at 20:40):
If there are weird extra terms then you don't know whether they are equal or not
Mario Carneiro (May 02 2021 at 20:40):
unless there is an induction principle
Mac (May 02 2021 at 20:40):
exactly
Mario Carneiro (May 02 2021 at 20:41):
the induction principle lets you prove that there are no weird extra terms
Mac (May 02 2021 at 20:42):
So now eval has become almost as complex as L (and maybe more so)?
Mac (May 02 2021 at 20:42):
I again am missing your point.
Mario Carneiro (May 02 2021 at 20:43):
eval is exactly as complex as L, it's a function defined on L
Mac (May 02 2021 at 20:43):
so what was the point of this whole endeavor?
Mario Carneiro (May 02 2021 at 20:44):
if the theory is decidable then it is nice to have a decision procedure
Mario Carneiro (May 02 2021 at 20:44):
eval x = eval y is a decision procedure
Mac (May 02 2021 at 20:44):
But as we have already pointed out my fragment of PA is not decidable
Mario Carneiro (May 02 2021 at 20:45):
I'm not sure that's true
Mac (May 02 2021 at 20:45):
for one, it lacks reflexivity
Mario Carneiro (May 02 2021 at 20:45):
your fragment is perhaps not as simple as I said but that doesn't mean it's not decidable
Mario Carneiro (May 02 2021 at 20:46):
I would actually be surprised if it's not decidable
Mac (May 02 2021 at 20:46):
I mean I can't decide if (L |- 0 = 0) is true or false, that makes L undecidable, right?
Mario Carneiro (May 02 2021 at 20:47):
(I'm not entirely sure this is true, but) assuming that there is no hidden extra way to prove 0 = 0, then L |- 0 = 0 is false and hence decidable
Mario Carneiro (May 02 2021 at 20:47):
the goal here is to decide whether L |- x = y is true or false given terms x, y
Mac (May 02 2021 at 20:47):
I also can not prove (L |- 0 = 0) -> False either.
Mac (May 02 2021 at 20:48):
After all, Lean is not complete, right?
Mario Carneiro (May 02 2021 at 20:48):
I would be extremely surprised if it is actually independent of lean
Mac (May 02 2021 at 20:49):
How would I prove that?
Mac (May 02 2021 at 20:49):
None of the axioms provide me with a way to get false. I have no knowledge of the structure of L or P to do a proof by cases.
Mario Carneiro (May 02 2021 at 20:49):
You do have to assume that there are no additional axioms beyond the ones enumerated
Mac (May 02 2021 at 20:50):
So I would assume that (L |- 0 = 0) and (L |- 0 = 0) -> False are both not provable from the PA fragment
Mario Carneiro (May 02 2021 at 20:50):
I am saying that the PA fragment does not prove 0 = 0
Mac (May 02 2021 at 20:50):
Mario Carneiro said:
You do have to assume that there are no additional axioms beyond the ones enumerated
Ah, well then yes, (L |- 0 = 0) -> False is trivially provable.
Mario Carneiro (May 02 2021 at 20:51):
Not trivially, I think
Mac (May 02 2021 at 20:51):
By trivially. I meant under the current assumption that (L |- 0 = 0) is not an entailment of the fragment
Mac (May 02 2021 at 20:52):
Proving it might not be so fun.
Mario Carneiro (May 02 2021 at 20:53):
So the thing that is being proven in lean is really not ((L : Logic) -> (assumptions) -> (L |- 0 = 0))
Mac (May 02 2021 at 20:55):
Logic would have to a minimal representation of assumptions to show that though.
Mario Carneiro (May 02 2021 at 20:55):
and the proof is that if you take L to be the minimal logic satisfying the assumptions, then you can disprove L |- 0 = 0
Mac (May 02 2021 at 20:55):
i.e. you would also need an hypothesis stating that.
Mario Carneiro (May 02 2021 at 20:56):
so therefore it is not the case that every logic satisfying the assumptions has L |- 0 = 0
Mac (May 02 2021 at 20:56):
Mario Carneiro said:
and the proof is that if you take L to be the minimal logic satisfying the assumptions, then you can disprove L |- 0 = 0
correct
Mario Carneiro (May 02 2021 at 20:56):
you don't need minimality to be part of the theorem statement
Mac (May 02 2021 at 20:57):
So this maybe: exists (L : Logic) => not ((assumptions) -> (L |- 0 = 0))?
Mario Carneiro (May 02 2021 at 20:57):
yes, that's equivalent
Mario Carneiro (May 02 2021 at 20:59):
Do you mind if I relocate this conversation to #Type theory ? It's not a perfect fit but I feel like this has gotten somewhat off topic for the lean 4 stream
Mac (May 02 2021 at 21:00):
sure feel free
Notification Bot (May 02 2021 at 21:02):
This topic was moved here from #lean4 > associativity of ↔ by Mario Carneiro
Mac (May 02 2021 at 21:05):
though I might be more inclined to put it in the more general #maths instead (since that is one of the default streams)
Mario Carneiro (May 02 2021 at 21:06):
well I'm also concerned about putting hundreds of messages in everyone's inbox for a conversation that is mostly just us
Mario Carneiro (May 02 2021 at 21:07):
I don't think there are too many folks who do mathematical logic around here
Mac (May 02 2021 at 21:08):
Mario Carneiro said:
I don't think there are too many folks who do mathematical logic around here
That surprises me.
Mario Carneiro (May 02 2021 at 21:09):
mathlib doesn't really have any definition of a logic; the closest analogue is the definition of logic in flypitch (which was needed in order to state and prove the independence of CH)
Mario Carneiro (May 02 2021 at 21:13):
There are a few individual projects that have defined logics, but they are mostly one-off projects. I think Minchao Wu has a definition of a modal logic, as well as Paula Neeley; Alexandre Rademaker has some ontology thing that I don't fully understand; and there have been a few definitions of lambda calculus (with or without types) in this stream
Mario Carneiro (May 02 2021 at 21:15):
By the way, check out https://leanprover.zulipchat.com/#narrow/stream/236446-Type-theory/topic/Modelling.20a.20Type.20Theory.20in.20Lean/near/202076965 ; and_to_imp is the implication introduction rule I mentioned, although in this version G is just a single formula connected by conjunctions instead of a list
Mac (May 02 2021 at 21:26):
I still think my conditional proof rule is fine for the general case (and it mirrors the elimination rule, which is nice). It works fine in complete logics (such as propositional and first-order), so I will probably leave it as is. May introduce a more restrained version later. I would also argue that the restrained version is just relevant logic implication then (and, as such, I may touch on it if I end up spending some time formalizing that).
Mac (May 02 2021 at 21:29):
I also don't generally end up using the propositional logic rules in my proofs because I can generally leave that to the metalogic (as I did in my PA fragment).
Mac (May 02 2021 at 21:31):
i.e. PProd (L |- p) (L |- q) is just as good as (L |- p /\ q) and (outside of classical logic) PSum (L |- p) (L |- q) is often just as good as L |- p \/ q
Mario Carneiro (May 02 2021 at 21:32):
I still think my conditional proof rule is fine for the general case (and it mirrors the elimination rule, which is nice). It works fine in complete logics (such as propositional and first-order), so I will probably leave it as is.
The fact that it's not well founded should make it very suspicious as a proof rule. It's a constraint on the provability judgment that is not satisfiable like a standard axiom rule
Mac (May 02 2021 at 21:33):
What is wrong with it not being well-founded?
Mario Carneiro (May 02 2021 at 21:34):
it sort of fails the concept that a theory is inductively generated by axioms and rules of inference
Mac (May 02 2021 at 21:34):
I wonder what you would think of this variation of the natural induction rule then:
(f : T -> Sort w) -> f 0 ->
((n : T) -> (L |- nat n) -> (f n -> f (S n))) ->
((n : T) -> (L |- nat n) -> f n)
Mario Carneiro (May 02 2021 at 21:36):
Oh, I can definitely use that to prove nonsense
Mario Carneiro (May 02 2021 at 21:36):
That axiom implies that all terms are syntactically of the form S S S ... S 0, so 1 doesn't exist
Mac (May 02 2021 at 21:36):
I'd love to see it. I figured as much, but I have yet to see any pitfalls. Maybe I'm just not that creative.
Mario Carneiro (May 02 2021 at 21:37):
well, I guess it's fine if the term language isn't really a term language and is really Nat
Mac (May 02 2021 at 21:37):
Mario Carneiro said:
That axiom implies that all terms are syntactically of the form
S S S ... S 0, so1doesn't exist
How does it imply that?
Mac (May 02 2021 at 21:37):
It does have the (L |- nat n) constraint for n
Mario Carneiro (May 02 2021 at 21:38):
you take f to be the assertion that n = S^i 0 for some i : Nat
Mario Carneiro (May 02 2021 at 21:39):
Mac said:
It does have the
(L |- nat n)constraint forn
That's true, I really only mean that L |- nat n implies n = S^i 0 for some i
Mac (May 02 2021 at 21:39):
Isn't that generally true?
Mario Carneiro (May 02 2021 at 21:40):
= here is lean's Eq, i.e. syntactic equality
Mario Carneiro (May 02 2021 at 21:40):
If T is a term language containing things like 0 + 0 or 1 then that would usually not be true
Mario Carneiro (May 02 2021 at 21:41):
in particular you can probably use this to prove reflexivity
Mac (May 02 2021 at 21:41):
Also how would you show n = S^i 0?
Mac (May 02 2021 at 21:42):
ah I see.
Mac (May 02 2021 at 21:43):
I don't actually use this prove the Peano fragment though, luckily.
Mac (May 02 2021 at 21:43):
I use this:
(C : T -> T -> P) -> (f : T -> T -> T -> P) ->
((a b : T) -> (L |- nat a) -> (L |- nat b) ->
(L |- C a b) -> (L |- f a b 0)) ->
((c : T) -> (L |- nat c) ->
((a b : T) -> (L |- nat a) -> (L |- nat b) ->
(L |- C a b) -> (L |- f a b c)) ->
((a b : T) -> (L |- nat a) -> (L |- nat b) ->
(L |- C a b) -> (L |- f a b (S c)))) ->
((a b c : T) -> (L |- nat a) -> (L |- nat b) -> (L |- nat c) ->
(L |- C a b) -> (L |- f a b c))
Mac (May 02 2021 at 21:44):
and this:
(f : T -> T -> T -> P) ->
((a b : T) -> (L |- nat a) -> (L |- nat b) ->
(L |- f a b 0)) ->
((c : T) -> (L |- nat c) ->
((a b : T) -> (L |- nat a) -> (L |- nat b) -> (L |- f a b c)) ->
((a b : T) -> (L |- nat a) -> (L |- nat b) -> (L |- f a b (S c)))) ->
((a b c : T) -> (L |- nat a) -> (L |- nat b) -> (L |- nat c) ->
(L |- f a b c))
Mac (May 02 2021 at 21:47):
Also, considering how quickly you poked a hole in that natural induction rule, I'm curious as to whether you think there is also a problem with this disjunction elimination rule:
(p q : P) -> (L |- p \/ q) ->
(r : Sort w) -> ((L |- p) -> r) -> ((L |- q) -> r) -> r
Mario Carneiro (May 02 2021 at 21:48):
That one also implies that the theory is complete, if it satisfies excluded middle
Mac (May 02 2021 at 21:49):
I guess a better question is, is it any worse than:
(p q : P) -> (L |- p \/ q) ->
(r : P) -> ((L |- p) -> (L |- r)) -> ((L |- q) -> (L |- r)) -> (L |- r)
Mac (May 02 2021 at 21:50):
Since, yeah, I keep the metalogic (L |- p) -> (L |- q) as entailment throughout.
Mac (May 02 2021 at 21:51):
Which I still think is reasonable.
Mario Carneiro (May 02 2021 at 21:51):
Why not just have axioms like (L |- p \/ q) <-> (L |- p) \/ (L |- q), (L |- p -> q) <-> ((L |- p) -> (L |- q)) and so on, if you want metalogical connectives
Mac (May 02 2021 at 21:52):
Because (L |- p) is not a prop and <-> is not function.
Mario Carneiro (May 02 2021 at 21:53):
insert nonempty everywhere
Mac (May 02 2021 at 21:53):
The point is to reduce complexity, not increase it. XD
Mario Carneiro (May 02 2021 at 21:53):
I'm not sure why |- isn't a prop though
Mac (May 02 2021 at 21:53):
Also, a proof my depend on only one direction of the rule.
Mac (May 02 2021 at 21:54):
|- is not a prop so that a judgment can potential be an inductive type which one can do proof by cases on.
Mario Carneiro (May 02 2021 at 21:54):
it can still be an inductive prop
Mario Carneiro (May 02 2021 at 21:55):
you can do proof by cases on an inductive prop
Mac (May 02 2021 at 21:55):
And for cases where I want type safety from Props.
Mario Carneiro (May 02 2021 at 21:56):
type safety?
Mac (May 02 2021 at 21:57):
Mario Carneiro said:
you can do proof by cases on an inductive prop
Doesn't that violate proof irrelevance?
Mario Carneiro (May 02 2021 at 21:57):
Proof by cases to prove a proposition
Mac (May 02 2021 at 21:58):
I guess my point is: I am trying to avoid proof irrelevance.
Mario Carneiro (May 02 2021 at 21:58):
you don't need to use proof irrelevance
Mario Carneiro (May 02 2021 at 21:59):
but AFAICT your theory is not really changed at all by putting everything in prop
Mac (May 02 2021 at 21:59):
If (L |- p) : Prop then for all p1 p2 : L |- p , p1 = p2 by proof irrelevance, correct?
Mario Carneiro (May 02 2021 at 21:59):
yes
Mac (May 02 2021 at 21:59):
That's what I don't want
Mario Carneiro (May 02 2021 at 22:00):
You can just have Derivation L p and define L |- p = nonempty (Derivation L p)
Mario Carneiro (May 02 2021 at 22:00):
which matches conventional usage better anyway
Mac (May 02 2021 at 22:00):
but L |- p is suppose to be the proof type not a proposition that there is a proof.
Mario Carneiro (May 02 2021 at 22:00):
so L |- p means p is provable and Derivation L p is the type of proofs of p
Mac (May 02 2021 at 22:01):
By (L |- p) -> (L |- q) I mean given a proof in L of p I can construct a proof in L of q which is the result of this function.
Mario Carneiro (May 02 2021 at 22:02):
lean is classical so that doesn't really mean as much as you want it to
Mac (May 02 2021 at 22:02):
Lean is not classical
Mario Carneiro (May 02 2021 at 22:02):
sure it is, Classical.em is a thing
Mac (May 02 2021 at 22:03):
yes, but that adds axioms to proof
Mario Carneiro (May 02 2021 at 22:03):
and the core tactics don't particularly shy away from it
Mac (May 02 2021 at 22:03):
Hence why I am avoiding the core
Mario Carneiro (May 02 2021 at 22:04):
If you are working in an intuitionistic metatheory then things are different, but I think lean isn't the best choice for that
Mac (May 02 2021 at 22:05):
Why not? And what do you think would be a better place?
Mario Carneiro (May 02 2021 at 22:05):
I'm mostly assuming that you are comfortable with assuming classical logic and countably many inaccessible cardinals (in the metatheory) because lean is kind of hostile to not assuming that
Mac (May 02 2021 at 22:05):
Also I use Lean primarily for its metaprogramming power, not its logical base.
Mario Carneiro (May 02 2021 at 22:07):
You can restrict the object logic if you want to, but you have to be careful not to let the excessively strong metalogic bleed into the object logic
Mac (May 02 2021 at 22:08):
Mario Carneiro said:
You can restrict the object logic if you want to, but you have to be careful not to let the excessively strong metalogic bleed into the object logic
Very true.
Mario Carneiro (May 02 2021 at 22:08):
which means things like (L |- p) -> (L |- q) are problematic
Mario Carneiro (May 02 2021 at 22:08):
because that's Lean's function space, not the object logic's
Mario Carneiro (May 02 2021 at 22:08):
who knows what crazy things are in there
Mac (May 02 2021 at 22:10):
True, I understand that. I am using it mostly for ease of use.
Mac (May 02 2021 at 22:11):
Otherwise I would have to create some alternative syntax to do proofs in, which I am not quite ready to do yet.
Mario Carneiro (May 02 2021 at 22:11):
have you considered using a hilbert style axiomatization? That avoids the need for a context in the provability judgment
Mac (May 02 2021 at 22:14):
One of the key parts of logics in my metalogic is that they are initially devoid of both inference rules and syntaxes. Rules and syntax are part of the hypotheses of proofs.
Mario Carneiro (May 02 2021 at 22:14):
I mean as hypotheses
Mario Carneiro (May 02 2021 at 22:15):
that is, you can assume L |- p -> p and L |- (p -> (q -> r)) -> (p -> q) -> p -> r and such
Mario Carneiro (May 02 2021 at 22:16):
I think it would be easier to bundle them into sets though
Mac (May 02 2021 at 22:16):
Yes, but most proofs ideally operate in heavily constrained logics (as my Peano proofs did). They don't generally even have any propositional logic at all.
Mac (May 02 2021 at 22:17):
So the goal is not to minimize the axiomization (but in many cases, to maximize it).
Mario Carneiro (May 02 2021 at 22:17):
I've heard of an axiomatization of primitive recursive arithmetic that doesn't use any logical connectives, only inference rules and =
Mario Carneiro (May 02 2021 at 22:18):
oh, it's on wiki: https://en.wikipedia.org/wiki/Primitive_recursive_arithmetic#Logic-free_calculus
Mac (May 02 2021 at 22:19):
I believe that if I wanted to better constrain Lean from bleeding into my proofs, I would have construct a restricted logic within Lean and then construct my metalogic system within that restricted logic.
Mac (May 02 2021 at 22:19):
I am not really sure I want to do that yet.
Mario Carneiro (May 02 2021 at 22:21):
It kind of sounds like you want LF
Mario Carneiro (May 02 2021 at 22:23):
Or possibly MM0, although I'm pretty scared to suggest my language to anyone. But it was designed for use cases roughly like this
Mario Carneiro (May 02 2021 at 22:26):
What kind of automation are you using from lean 4?
Mac (May 02 2021 at 22:28):
My big draw to Lean is its metaprogramming power (namely its customizable syntax).
Mario Carneiro (May 02 2021 at 22:30):
Is it just notations like L |- p and x = y? Because that's not hard to find
Mario Carneiro (May 02 2021 at 22:30):
would lean 3 satisfy your notational needs?
Mac (May 02 2021 at 22:32):
Also things like forall and exists, but yeah, for this project its probably not that much.
Mac (May 02 2021 at 22:34):
Lean 3's problem is that it has to many reserved notations (which tends to be a problem in a lot of languages).
Mac (May 02 2021 at 22:35):
Though, yeah, initially started in Lean 3 before moving to Lean 4, so I don't think it'd be impossible.
Mac (May 02 2021 at 22:35):
Though I do value the easy of use of Lean 4 (and the syntax highlighting of custom notation).
Mario Carneiro (May 02 2021 at 22:35):
Interesting. You might actually like MM0 then, it is kind of like lean but you define the entire theory yourself; generally it's some kind of FOL but you get to pick all the axioms, notations and so on
Mac (May 02 2021 at 22:36):
You really should get some github syntax highlighting for it :)
Mario Carneiro (May 02 2021 at 22:37):
You need to have X number of users before github will care about you
Mario Carneiro (May 02 2021 at 22:37):
I checked
Mario Carneiro (May 02 2021 at 22:37):
it would be great if they had repo-specific highlighting but I guess that's some kind of security concern
Mac (May 02 2021 at 22:38):
also, what is with all the $
Mario Carneiro (May 02 2021 at 22:39):
just pretend it's latex
Mario Carneiro (May 02 2021 at 22:39):
it is to prevent weird mathematical notation from corrupting the "outer" syntax
Mario Carneiro (May 02 2021 at 22:39):
inside the $ you can have whatever you like
Mac (May 02 2021 at 22:39):
why?
Mac (May 02 2021 at 22:40):
why not just use braces for definitions then?
Mario Carneiro (May 02 2021 at 22:40):
I don't follow
Mac (May 02 2021 at 22:41):
i.e. { ... } instead of = $ .. $ (or : $ ... $
Mario Carneiro (May 02 2021 at 22:41):
The $ delimit user-defined mathematical notation sections
Mario Carneiro (May 02 2021 at 22:42):
It could be { ... } but then that would limit the use of { ... } inside mathematical notation
Mac (May 02 2021 at 22:42):
yes but in https://github.com/digama0/mm0/blob/master/examples/x86.mm0, virtually every definition is within $s
Mario Carneiro (May 02 2021 at 22:42):
yes, they are mandatory
Mario Carneiro (May 02 2021 at 22:43):
Inside the $ you can use literally any character, keyword, whatever
Mac (May 02 2021 at 22:43):
my point is why not instead of
def bit (n i: nat): nat = $ nat (i e. n) $;
theorem bitT (n i: nat): $ bool (bit n i) $;
having:
def bit (n i: nat): nat { nat (i e. n) }
theorem bitT (n i: nat): bool (bit n i)
Mac (May 02 2021 at 22:44):
were the colon consume math notation until the end-of-line
Mario Carneiro (May 02 2021 at 22:44):
because newlines are permitted in math strings
Mac (May 02 2021 at 22:45):
in which case you use braces instead
Mario Carneiro (May 02 2021 at 22:45):
and semicolons
Mario Carneiro (May 02 2021 at 22:45):
and braces
Mario Carneiro (May 02 2021 at 22:45):
and unmatched braces
Mario Carneiro (May 02 2021 at 22:46):
arguably that's too permissive
Mac (May 02 2021 at 22:46):
okay, ignore the colon sugar, here is also a possibility:
def bit (n i: nat): nat { nat (i e. n) }
theorem bitT (n i: nat) { bool (bit n i) }
Mac (May 02 2021 at 22:46):
Yeah the unmatched braces seem a bit of a stretch.
Mac (May 02 2021 at 22:46):
However, why not run a custom parser?
Mac (May 02 2021 at 22:47):
like Lean 4 does?
Mario Carneiro (May 02 2021 at 22:47):
Because MM0 is designed to be simple to parse
Mario Carneiro (May 02 2021 at 22:47):
lean 4 is... not
Mac (May 02 2021 at 22:47):
Mario Carneiro said:
lean 4 is... not
In one manner of speaking yes, In another manner of speaking, no
Mac (May 02 2021 at 22:48):
Lean actually has a pretty simple parsing algorithm (outside of anti-quotes)
Mario Carneiro (May 02 2021 at 22:49):
I'm not sure how to interpret that to make it true. Lean has an extremely extensible parsing system, which has been extended already in the core quite a bit to build the core syntax
Mac (May 02 2021 at 22:49):
As a person who has long been toying with a writing a metaprogramming language with the parsing flexibility of Lean (and beyond), I am actually amazed at how they were able to write such a flexible parser with such simple rules.
Mac (May 02 2021 at 22:50):
Yes but the core is surprisingly simple for being so flexible.
Mario Carneiro (May 02 2021 at 22:51):
sure, but in order to actually parse things you need all the extensions too
Mac (May 02 2021 at 22:51):
Yes, but the extensions are written in Lean, so that is less of a problem.
Mac (May 02 2021 at 22:51):
So as long as you can parse the basics, you can parse the more complex cases by interpreting the basics.
Mario Carneiro (May 02 2021 at 22:52):
It has to be staged though, notations are used before they are defined
Mac (May 02 2021 at 22:53):
true
Mario Carneiro (May 02 2021 at 22:54):
I went for more the opposite approach, what's the simplest extensible parser that can be used to define not terrible looking formal maths
Mario Carneiro (May 02 2021 at 22:54):
and can be specified in a page or two
Mac (May 02 2021 at 22:55):
which I applaud, as the result looks quite good
Mario Carneiro (May 02 2021 at 22:55):
the dollar delimiters are so that the outer syntax parser can be a fully static parser like what yacc gives you
Mario Carneiro (May 02 2021 at 22:55):
although it doesn't have to be implemented that way
Mac (May 02 2021 at 22:55):
However, I must admit it does offend my sensibilities somewhat.
Mac (May 02 2021 at 22:56):
I suspect that means the syntax highlighting leaves much to be desired.
Mario Carneiro (May 02 2021 at 22:56):
I'll find a nice subdued color for the syntax highlighter :)
Mario Carneiro (May 02 2021 at 22:57):
there is an online tutorial video which shows the syntax highlighting
Mario Carneiro (May 02 2021 at 22:57):
but the dollars are just white
Mac (May 02 2021 at 22:59):
How does it highlight the bits of notation within the dollars?
Mario Carneiro (May 02 2021 at 22:59):
right now it doesn't. The regex highlighter isn't smart enough to know the user notation
Mac (May 02 2021 at 22:59):
that was my point
Mario Carneiro (May 02 2021 at 23:00):
but I am planning to add "semantic highlighting" messages from the server, which would allow various kinds of highlighting, although I'm not sure what to do besides highlighting the variables
Mario Carneiro (May 02 2021 at 23:01):
to be fair, lean doesn't do any math highlighting either
Mac (May 02 2021 at 23:02):
One of the things love about Lean's syntax highlighting is that custom keywords (ex. forall) get highlighted the same as builtin keywords.
Mario Carneiro (May 02 2021 at 23:02):
heh that's a bug
Mac (May 02 2021 at 23:02):
what makes you say that?
Mario Carneiro (May 02 2021 at 23:02):
forall is a lean keyword
Mac (May 02 2021 at 23:03):
I know, I was just using that as an example
Mac (May 02 2021 at 23:03):
As I can't quite give an common example of a custom keyword, can I?
Mario Carneiro (May 02 2021 at 23:04):
Actually you are right, there is an actual feature along those lines. There was a bug like that in lean 3 for a while though
Mac (May 02 2021 at 23:04):
I presumed it was feature, as it isn't in 4.0.0-m2 but it is in the nightly so it must have been added recently.
Mario Carneiro (May 02 2021 at 23:04):
For example the obtain tactic was nicely highlighted, not because the highlighter knew that obtain was a tactic, but because obtain was a keyword in lean 2 and the highlighter was never updated
Mac (May 02 2021 at 23:05):
Obviously none of this occurs on Github :(
Mario Carneiro (May 02 2021 at 23:05):
But you are right, if you define a custom tactic in lean 4 it will get highlighted using the "semantic highlighting" feature
Mac (May 02 2021 at 23:06):
I love that. It makes custom notation feel natural as opposed to a wart you glued onto the system.
Mario Carneiro (May 02 2021 at 23:06):
you can tell because it takes a little bit of extra time to get highlighted compared to the rest of the text
Mac (May 02 2021 at 23:07):
Exactly! XD
Mario Carneiro (May 02 2021 at 23:07):
I think variable highlighting is another way to give the text a little more texture
Mario Carneiro (May 02 2021 at 23:07):
I wouldn't know how to start highlighting user notations though
Mac (May 02 2021 at 23:08):
I am said that most color schemes and highlighters have gotten rid of operator highlighting. I quite liked that.
Mac (May 02 2021 at 23:19):
Mac said:
I wonder what you would think of this variation of the natural induction rule then:
(f : T -> Sort w) -> f 0 -> ((n : T) -> (L |- nat n) -> (f n -> f (S n))) -> ((n : T) -> (L |- nat n) -> f n)
Something I was curious about: Is there a clean way of restricting f to judgments or functions of judgments (since they are both just Sorts)?
Mario Carneiro (May 02 2021 at 23:21):
Even with the judgment version, I think it wouldn't be sufficient, since you can still let f be if \exists i, n = S^i 0 then term.true else term.false as long as the proposition language contains something true and something false
Mario Carneiro (May 02 2021 at 23:23):
but to answer your question, yes you can make an inductive type out of this
Mac (May 02 2021 at 23:24):
Mario Carneiro said:
but to answer your question, yes you can make an inductive type out of this
Yeah, but that's a different type then.
Mario Carneiro (May 02 2021 at 23:26):
I mean you can have a predicate on functions f meaning "f is a judgment or function of judgments"
Mac (May 02 2021 at 23:32):
Now that I think about this, is the exists i, n = S^i 0 that bad? It would expand to this:
(0 = S^i 0) ->
((n : T) -> (L |- nat n) -> ((exists i, n = S^i 0) -> (exists i, S n = S^i 0)) ->
((n : T) -> (L |- nat n) -> (exists i, n = S^i 0))
This is what natural induction means right: that every nat is 0 or a S of a nat?
Mac (May 02 2021 at 23:34):
It is certainly stronger than my current PA fragment, but it seems pretty standard for arithmetic
Mario Carneiro (May 02 2021 at 23:34):
well, like I said, if T is a type of terms, such that 0 + 0 and 0 are not equal in the lean sense, then this property will fail because 0 + 0 is not of the form S^i 0
Mario Carneiro (May 02 2021 at 23:35):
take note that the assumption is not L |- n = S^i 0 but n = S^i 0
Mac (May 02 2021 at 23:35):
true, but that makes sense, considering this is metalogical object-nat induction rather than object logic nat induction.
Mario Carneiro (May 02 2021 at 23:36):
Right, so this can be used to prove that the object nats are really the metalogic nats
Mac (May 02 2021 at 23:36):
makes sense.
Mac (May 02 2021 at 23:37):
in essence, this is a way of encoding that property.
Mario Carneiro (May 02 2021 at 23:37):
which can then be used to prove other things like reflexivity or Con(PA)
Mac (May 02 2021 at 23:37):
I forgot, what does Con(PA) denoted again?
Mario Carneiro (May 02 2021 at 23:38):
PA Is consistent
Mac (May 02 2021 at 23:38):
ah, should have guessed that.
Mario Carneiro (May 02 2021 at 23:38):
indeed Con(ZFC) can probably be smuggled in too
Mario Carneiro (May 02 2021 at 23:39):
essentially L will look like "true arithmetic" from lean's point of view, so all true (that is, lean-provable) nat facts become L facts
Mac (May 02 2021 at 23:39):
this induction is thus structural induction for nats opposed to equality-based induction for nats
Mac (May 02 2021 at 23:40):
Mario Carneiro said:
essentially L will look like "true arithmetic" from lean's point of view, so all true (that is, lean-provable) nat facts become L facts
isn't it that opposite, all L nat facts become Lean nat facts?
Mario Carneiro (May 02 2021 at 23:41):
it's both, to the extent that L models negative nat facts
Mac (May 02 2021 at 23:43):
Wait a second does this even prove L |- 0 = 0?
Mac (May 02 2021 at 23:44):
all that equality proof tells me is the structure of nat terms, it doesn't give me properties about them.
Mario Carneiro (May 02 2021 at 23:45):
The argument is roughly that since L |- 0 + 0 = 0, it suffices to prove 0 + 0 = 0. By the induction lemma 0 + 0 = S^i 0 so it is either 0 or 0 + 0 = S x; but in this case L |- S x = 0 and I guess this violates some axiom
Mac (May 02 2021 at 23:45):
i.e. it tells me if 3 + 4 is a nat term then it is some successor of zero, it doesn't tell me which one, right?
Mac (May 02 2021 at 23:46):
Mario Carneiro said:
The argument is roughly that since
L |- 0 + 0 = 0, it suffices to prove0 + 0 = 0. By the induction lemma0 + 0 = S^i 0so it is either 0 or0 + 0 = S x; but in this caseL |- S x = 0and I guess this violates some axiom
So as long as I have the S n \ne 0 axiom it does, but without it, it doesn't.
Mario Carneiro (May 02 2021 at 23:48):
I believe it's possible to use that to prove L |- 1 = 0 by taking predecessors of both sides enough times
Mac (May 02 2021 at 23:50):
thing is because this the term 0, 0 itself can still be equal to the successor of some other nonzero (non-nat) number like -1
Mac (May 02 2021 at 23:54):
I believe 0 = (S -1) or the like would still be consistent
Mario Carneiro (May 02 2021 at 23:54):
Oh sorry, by x I actually mean S^i 0
Mario Carneiro (May 02 2021 at 23:55):
that is, in the hypothetical we know that e.g. L |- S S S 0 = 0
Mario Carneiro (May 02 2021 at 23:56):
so it's not -1 unless S is cyclic or something
Mario Carneiro (May 02 2021 at 23:56):
which it might be without the S x != 0 axiom
Mac (May 02 2021 at 23:56):
yeah, that was my point
Mac (May 02 2021 at 23:57):
without the axiom, we have no knowledge of where the ladder starts or stops (or if it does)
Mac (May 03 2021 at 02:53):
I just remembered this, so I'll put this here.
Mario Carneiro said:
Suppose
pis neither provable nor disprovable. ThenL |- pis false, soL |- p -> L |- falseis true, soL |- (p -> false)by your proof rule and sopis provably false. Thus every statement is provable or disprovable in the logic
Mario Carneiro said:
No, It means that
not (L |- p)andnot (L |- not p)
First, This is only true if (L |- p -> false) -> (L |- not p)holds (or, more generally, if (L |- p -> q) -> (L |- not p) for some q holds). Furthermore, if the logic lacks the law of excluded middle even at statement like (L |- p <-> not p) is fine. I think you may be under-estimating the number of logics in which this conditional proof rule is fine.
Mac (May 03 2021 at 03:06):
However, I do thank you for bringing to my attention these properties of my conditional proof rule. I probably wouldn't have noticed them myself. So thanks! :smile:
Mario Carneiro (May 03 2021 at 08:28):
@Mac Indeed, as I've said every logical argument I made requires some assumptions on the logic (and it's not too difficult to reverse engineer the required rules from the argument itself, in reverse mathematics style). You can't get anywhere if you don't make any assumptions at all. But just because the argument fails if the logic is so impoverished that p -> false and not p are not equivalent doesn't mean it's a good proof rule, because at the very least it means you have an "anti-establishment" proof rule that is incompatible with the traditional axioms you would find in a mainstream theory like PA or ZFC. Usually, when doing this kind of theory exploration, the rules are supposed to be at least compatible with what traditional FOL does, and I am trying to show how it is not. So you are exploring some other incompatible island in theory space, which might be interesting, but probably is less applicable than you thought.
Mac (May 03 2021 at 18:07):
@Mario Carneiro That 's fair. Thanks again!
Mac (May 03 2021 at 18:13):
One thing I'm still curious about though, is why do most standard mathematical logics embedded the logic with the math. What particular pitfalls does relegated logical connectives to the metalogic and leaving only the mathematical predicates and numbers (equality, numbers, sets, etc.) to the object logic create?
Mario Carneiro (May 03 2021 at 18:28):
That sort of thing is often known as higher order abstract syntax (HOAS) in the biz. It works pretty well in LF, but it requires that the metatheory be very weak, so that function types correspond roughly to things that can be represented by terms in the logic
Mario Carneiro (May 03 2021 at 18:29):
for example, you would generally want the function type in such a system to be countable and satisfy a paremetricity metatheorem
Mario Carneiro (May 03 2021 at 18:31):
If the metatheory is sufficiently advanced so as to be able to do general mathematics, the function type will be uncountable and contain "wild" terms in it which break parametricity. HOAS is usually inconsistent in such systems, and Lean falls in this category
Mario Carneiro (May 03 2021 at 18:36):
The paper Higher Order Abstract Syntax in Coq discusses some of the difficulties of implementing HOAS in Coq, which has similar issues to Lean (Lean has it a bit worse because classical logic admits even more exotic terms than plain old DTT)
Last updated: Dec 20 2023 at 11:08 UTC