Search code examples
typesproofagdadependent-type

How can I convince Agda that my function has a certain value?

I'm used to writing human proofs in mathematics, but I'm very new to writing Agda. The following is a toy example of something that I can't figure out how to prove with Agda.

Informally, I want to write a function f which takes a natural number x and a pair of naturals. If the first element in the pair equals x, return the second element of the pair. Otherwise, return 0.

Here are my definitions for natural number equality:

data N : Set where
  zero : N
  s : N → N

data _≡_ {X : Set} : X → X → Set where
  refl : (x : X) → (x ≡ x)

data _≢_ : N → N → Set where
  <   : {n : N} → (zero ≢ (s n))
  >   : {n : N} → ((s n) ≢ zero)
  rec : {n m : N} → (n ≢ m) → ((s n) ≢ (s m))

data _=?_ (n m : N) : Set where
  true  : (n ≡ m) → (n =? m)
  false : (n ≢ m) → (n =? m)

equal? : (n m : N) → (n =? m)
equal? zero zero = true (refl zero)
equal? zero (s _) = false <
equal? (s _) zero = false >
equal? (s n) (s m) with (equal? n m)
... | (true (refl a)) = (true (refl (s a)))
... | (false p) = (false (rec p))

and here is the function.

data Npair : Set where
  pair : (n m : N) → Npair

f : N → Npair → N
f a (pair b c) with equal? a b
... | (true (refl _)) = c
... | (false _) = zero

I cannot prove

lemma : (x y : N) → (y ≡ (f x (pair x y)))

because when I try to introduce the refl constructor in the definition, it complains that

y != f x (pair x y) | equal? x x of type N

What do I have to change in order to prove this lemma?

Solution

  • In lemma, you need to pattern match on equal? x x, because f matches on that as well, and you can't reason about f's output until you do the same match. However, you get two cases for equal? x x:

    lemma : (x y : N) → (y ≡ (f x (pair x y)))
lemma x y with equal? x x 
... | true (refl _) = refl _
... | false _       = ?

    Of this, the second case is not possible. To rule it out, you need to prove ∀ n → equal? n n ≡ true (refl _):

    equal?-true : ∀ n → equal? n n ≡ true (refl _)
equal?-true zero = refl _
equal?-true (s n) with equal? n n | equal?-true n
... | true (refl _) | q = refl _
... | false x       | ()

lemma : (x y : N) → (y ≡ (f x (pair x y)))
lemma x y with equal? x x | equal?-true x
... | true (refl _) | _ = refl _
... | false _       | ()

    However, you don't need to do extra work if you define inequality just as the negation of equality, because then x ≢ x immediately implies .

    data ⊥ : Set where

⊥-elim : ⊥ → {A : Set} → A
⊥-elim ()

_≢_ = λ {A : Set}(x y : A) → x ≡ y → ⊥

data _=?_ (n m : N) : Set where
  true  : (n ≡ m) → (n =? m)
  false : (n ≢ m) → (n =? m)

equal? : ∀ n m → n =? m
equal? zero zero   = true (refl zero)
equal? zero (s m)  = false (λ ())
equal? (s n) zero  = false (λ ())
equal? (s n) (s m) with equal? n m
... | true  (refl _) = true (refl _)
... | false p        = false λ {(refl _) → p (refl n)}

data Npair : Set where
  pair : (n m : N) → Npair

f : N → Npair → N
f a (pair b c) with equal? a b
... | (true (refl _)) = c
... | (false _)       = zero

lemma : (x y : N) → (y ≡ (f x (pair x y)))
lemma x y with equal? x x
... | true (refl .x) = refl y
... | false p        = ⊥-elim (p (refl _))