Introduction to Agda

2009.4. 24
CVS/AIST
Yoshiki Kinoshita, Yoriyuki Yamagata
 Agenda
• On Agda
• Agda as a programming language
• Agda as a proof system
• Further information.

2
 Agenda
• On Agda
• Agda as a programming language
• Agda as a proof system
• Further information.

3
 A Bit of History
Development of Agda started at Chalmers University of Technology
(Göteborg, SW) in 1990’s
Developers include: Catarina Coquand, Lennart Augustsson, Thierry
Coquand, Makoto Takeyama, Marcin Benke, Thomas Hallgren
Cf. ALF, Alfa etc、tradition of theorem provers based on constructive type
theory at Göteborg.
CVS/AIST started to contribute in 2003
plug-in, application to industry
Cf. Makoto’s move to AIST in 2003.
Agda Implementers Meeting (AIM)
twice a year, alternatively at Göteborg and Senri
Agda2
Reimplementation from scratch in 2006, with a third (fouth? Fifth?) major
language change → old Agda system is now called `Agda1’
Ulf Norell, Catarina Coquand, Makoto Takeyama, Nils Anders Danielsson,
Andreas Abel, Karl Mehltretter, Marcin Benke

4
 Principles of Agda
• Martin-Löf’s constructive type theory;
Curry-Howard correspondence
term : type ÍÎ proof : proposition
– Functional programming language with
dependent types
Terms as programs; compiler / interpreter
– Proof system
Terms as proofs; proof assistant

5
 Features of Agda
• Language
– Dependent types
Datatypes, inductively defined types
Record types
– Definitional equalities
– Module
– Unicode
• System
– Structural editor, always showing proof terms
Cf. Coq and Isabelle: script based
– Compiler / Interpreter
Compiling to Haskell
– Meta variables
Place holders to be Instantiated by concrete terms later.

6
 Comparison with Coq
• Agda language is based on predicative
type theory,
i.e., the collection of all types is not a type.
Coq language is based on impredicative type
theory.
• Agda system is a structural editor, always
showing the types and terms as it is.
Coq system accepts the script of how to
construct types and terms; types and terms
are displayed at any time upon request.
7
 Agenda
• On Agda
• Agda as a programming language
• Agda as a proof system
• Further information.

8
 Agda as a programming language
• Types
– data … (datatypes, inductively defined types)
– record … (record types, dependent tuples)
• Definitional equalities
Introduction of constants, including functions.
• Modules → record type

9
 Agda as a programming language
• Types
– data … (datatypes, inductively defined types)
– record … (record types, dependent tuples)
• Definitional equalities
Introduction of constants, including functions.
• Modules → record type

10
 Types in Agda
• Agda has only one predefined type : Set
Set is meant to be “the type of all types”; only
Set is not a member of itself. Æ cumulative
hierarchy of types.
• There are two mechanisms of introducing
a new type:
– data …, which introduces datatypes, and
– record …, which introduces record types.

11
 Datatypes
• In principle, data data Bool : Set where
true : Bool
declaration
false : Bool
enumerates all values.
E.g.： Bool type
true and false are the
two values of the type
Bool; and there are
no other values.
They are constructors of
the type Bool.

12
 Recursively defined data type
• Constructors may data Boolwith⊥ : Set where
bool : Bool -> Boolwith⊥
take arguments. ⊥ : Boolwith⊥
Cf. Boolwith⊥
• Identifier is a
sequence of unicode
characters
e.g. true: Bool
would be parsed as
two identifiers: true:
and Bool.

13
 Inductively defined data type
• The type of the arguments may data Nat : Set where
be the very type being zero : Nat
introduced (2.) succ : Nat -> Nat
Î Circular argument!
• Agda knows, fortunately, the
cases where such circularity
does not lead to an infinite
loop of argument
Î Inductively defined types
– Agda’s judgement, however, is
false positive; there are well-
definitions which Agda rejects.
• zero is a value of Nat
• If n is a value of Nat, then
succ n is a value of Nat, too.

14
 Lexical Convention
1.
• Indentation and new
line are significant to
2.
Agda’s parser.
• mixfix (infix, postfix)
3.
notation
In 5., ′ is declared to be
a postfix operator 4.
_ indicates the place
where the actual 5.
argument is to be
placed
data Nat : Set where
zero : Nat
succ : Nat -> Nat
data Nat : Set where
zero : Nat Indentation
succ : Nat -> Nat
required
data Nat : Set where
zero : Nat succ : Nat ->
Nat New line
required
data Nat : Set where
zero : Nat ; succ : Nat ->
Nat
Semicolon instead of new line
data Nat : Set where
０ : Nat
_ ′ : Nat -> Nat
15
 Parameterized data type
data List (A : Set) : Set
• Finite list of values of where
type A [] : List A
_::_ : A ->
• For any given type A, List A ->
List A
– [] is of the type List
A
– If a is of type A and as
is of type List A,
then a :: as is of
type List A.
_::_ shows :: is an
infix operator

16
 Dependent type
• Array : list of specific lentgh. data Array (A : Set) :
An example of types dependent to a Nat -> Set where
value. * : Array A ０
• Array A n cons : (n : Nat) ->
signifies type of array with A ->
elements of type A and length n Array A n –>
• * is the only value of the type Array A (n ′)
Array A 0
• cons n a x adds x to an
array a of length n
• The type of 4th argument of cons
is Array A n; it depends on A
and n.
∴We must name the 1st and 2nd
argument A and n for later
reference.

17
 Implicit argument
• Constructors of Array are typed * : {A : Set} ->
like this. Array A ０
• The type of * would be cons : {A : Set} ->
* : (A : Set) -> Array A ０ (n : Nat) ->
∵ For each type A, * is of type A ->
Array A ０. Array A n ->
– To associate the type to * Array A (n ′)
everywhere is a tedeous work!
– Moreover, the type can be
inferred from context for the many
cases.
• {A : Set} means that a
parameter of type Set is to be
applied here, but the system
infers its value from the context.

18
 Implicit argument
• This new declaration of Array data Array (A : Set) :
makes even n to be inferred Nat -> Set where
from the context. * : Array A ０
Write {n : Nat} instead cons : (n : Nat) ->
of (n : Nat) so that, we A ->
can omit the real argument. Array A n ->
Array A (n ′)
• In order to give an implicit
actual parameter explicitly, one Î
encloses it by { },
e.g., * {Nat} for the nil value data Array (A : Set) :
of Array Nat ０ Nat -> Set where
*: Array A ０
cons : {n : Nat} ->
A ->
Array A n ->
Array A (n ′)

19
 (Non-dependent) sums are datatypes
data _+_ (A B : Set) : Set where
Sum types can be ι1 : A -> A + B
introduced as datatypes. ι2 : B -> A + B
[_,_] : {A B C : Set} ->
Dependent sums are
(f : A -> C) ->
different; they are record (g : B -> C) ->
types! A + B -> C
Injections correspond to [ f , g ] (ι1 a) = f a
constructors ι1 and ι2. [ f , g ] (ι2 b) = f b

The inclusion function ι1 ι2

[ f , g ] may be A A+B B
introduced using pattern
matching. f [f,g] g

20
 Agda as a programming language
• Types
– data … (datatypes, inductively defined types)
– record … (record types, dependent tuples)
• Definitional equalities
Introduction of constants, including functions.
• Modules → record type

21
 Record Types
• Record types provides a way to 1. record BN : Set where
bundle several values of different field
types (tupling). f1 : Bool
Cf. Dependent sums in type theory, f2 : Nat
products in category theory.
• The values of type BN are pairs of 2. c : Bool -> Nat -> BN
a value of Bool and a value of c b n =
Nat. Such pairs are given in the record { f1 = b ;
form f2 = n }
record { f1 = b ; f2 = n }
as in 2. This form is not a first 3. BN.f1 : BN -> Bool
cass object; can appear only at BN.f2 : BN -> Nat
the top level of the left hand side
of value declaration.
• f1 and f2 are field names.
One can extract components of
tuples by field names (selector,
projection)
Declaration 1. implies definitions of
BN.f1 and BN.f2 in 2.

22
 Dependent Record Types
• Type of a field can 1. record VR : Set where
depend on the value of field
length : Nat
previous fields. array :
• Example: pairs of a Array Bool length
natural number n and
Boolean array of length 2. VR.length : VR -> Nat
VR.array :
n (1.). (r : VR) ->
– The type of the second Array Bool (VR.length r)
field array of ifdepends
on length
– Types of selectors are
shown in 2.

23
 Parameterized Record Type
• Record type can take 1. record PVR (X : Set) : Set
a type parameter. where
field
• Example: 1. length : Nat
Types of selectors is array : Array X length
described in 2.
2. PVR.length :
• Type parameter X {X : Set} -> PVR X -> Nat
become an implicit PVR.array :
argument of selectors. {X : Set} ->
(r : PVR X) ->
Array X (PVR.length r)

24
 Tupling and Record types
record _×_ (A B : Set) : Set where p1 p2
field A A×B B
π1 : A
π2 : B
p1 : {A B : Set} -> A × B -> A f
[f,g]
g
p1 {A} {B} = _×_.π1 A B
p2 : {A B : Set} -> A × B -> A C
p2 {A} {B} = _×_.π2 A B
[_,_] : {A B C : Set} ->
(f : C -> A) -> (g : C -> B) -> Dependent sum (dependent pairs):
C -> A × B
record Σ(A : Set) (B : A -> Set) : Set
[f,g]c=
where
record { π1 = f c ; π2 = g c }
field
pi1 : A
Projections = selectors.
pi2 : B pi1
Pairing using record construct.

25
 Agda as a programming language
• Types
– data … (datatypes, inductively defined types)
– record … (record types, dependent tuples)
• Definitional equalities
Introduction of constants, including functions.
• Modules → record types

26
 Function Declaration
• Function declaration 1. add : Nat -> Nat -> Nat
consists of add n ０ = n
1. type specification and
add n (m ′) = (add n m)′
2. value definition via
patten matching. (1.)
2. _==_ :
Nat -> Nat -> Bool
• Infix/mixfix operator ０ == ０ = true
Cf. mixfix constructors. (2.) zero == _ ′ = false
• Wildcard is available in m ′ == ０ = false
m ′ == n ′ = m == n
pattern matching (2.).
• Functional abstraction is 3. ¥ (x : Nat) -> x
written as in 3., which
corresponds to (λx : Nat)
x; they are used as first
class object (i.e., as a
usual term).

27
 Function Declaration
• By means of implicit 1. if_then_else_fi :
type parameters, if- {X : Set} ->
then-else (1.) and Bool -> X -> X -> X
Array map (2.) can if true then a else _ fi = a
be defined nicely. if false then _ else b fi = b

2. ArrayMap :
{X Y : Set} -> {n : Nat} ->
(X -> Y) -> Array X n ->
Array Y n
ArrayMap f * = *
ArrayMap f (x ^ xs) = (f x) ^
(ArrayMap f xs)

28
 Agenda
• On Agda
• Agda as a programming language
• Agda as a proof system
• Further information.

29
Two ways of embedding a logic
• Shallow embedding
Embedding using the Curry-Howard correspondence
Formulae as sets (elements of Set) of their proofs
∴ Inductive definition by the construction off formulae is not
possible.
Substitution and reduction are Agda’s.
• Deep embedding
The type of formulae is defined inductively by Agda
∴Inductive definition by the construction of formulae is
possible.

30
 Shallow Embedding
of First Order Predicate Logic
• Proposition as a set of proofs
Agda’s semantics naturally leads to Intuitionistic
logic
• Shallow Embedding
Proposition Î set of all its proofs (proof figures).
Proof Î introduced for each proposition.

31
 Shallow Embedding
of First Order Predicate Logic
• Each logical connective is introduced by four kinds of
rules (Martin-Löf)
1. Formation rule, which shows how a (complex) proposition is
derived from (simpler) propositions by means of the logical
connective.
2. Introduction rule, which shows how a proof of the (complex)
proposition with the connective is derived from proofs of the
(simpler) proposition.
3. Elimination rule, which shows how a proof of the (simpler)
proposition could be derived from a proof of the (complex)
proposition.
4. Conversion, which shows the equivalence between proofs.
For each logical connective, we shall give corresponding
Agda construction, in the form of three kinds of rules
(1.-3.) above.

32
 ⊥ (absurdity)
Absurdity is a proposition 1. data ⊥ : Set
with no proof i.e. Empty where
Set
1. Formation rule
⊥ is a proposition. 2. ⊥Elim :
2. Introduction rule {P : Prop} ->
No constructor for ⊥ ⊥ ->
∴no proof for proposition P
3. Elimination rule ⊥Elim ()
For any proposition P,
Elim takes a proof of ⊥
and returns a proof of P.
() matches when there is no
constructor in the type

33
 ∧ (conjunction)
1.Formation rule record _∧_ (P Q : Set) : Set where
If P and Q are field
propositions, P ∧ Elim1 : P ; Elim2 : Q
Q is a proposition.
∧ is defined as a ∧Intro :
parameterized {P Q : Set} -> P -> Q -> P ∧ Q
record ∧Intro a b =
2.Introduction rule record { Elim1 = a ; Elim2 = b }
Function ∧Intro
takes a proof of P ∧Elim1 : {P Q : Set} -> P ∧ Q -> P
and a proof of Q, ∧Elim1 = _∧_.Elim1
and returns a proof ∧Elim2 : {P Q : Set} -> P ∧ Q -> Q
of P ∧ Q. ∧Elim2 = _∧_.Elim2
3.Elimination rules
Two elimination rules
given by selectors.

34
 ∨ (disjunction)
1. Formation rule data _∨_ (P Q : Set) : Set where
If P and Q are propositions, ∨Intro1 : P -> P ∨ Q
P ∨ Q is a proposition. ∨Intro2 : Q -> P ∨ Q
∨ is introduced as a
parameterized datatype. ∨Elim :
{P Q C : Set} -> P ∨ Q ->
2. Introduction rules (P -> C) -> (Q -> C) -> C
∨Intro1 takes a proof of ∨Elim (∨Intro1 a) prfP _ =
P, giving a proof of P ∨ prfP a
Q. ∨Elim (∨Intro2 b) _ prfQ =
∨Intro2 takes a proof of prfQ b
Q, giving a proof of P∨Q.
3. Elimination rule
∨Elim exactly [P] [Q]
corresponds to ∨-
elimination rule
P∨Q C C
∨-elimination
C
35
 ⊃ (implication)
1. Formation rule data _⊃_ (P Q : Set) : Set where
If P and Q are ⊃Intro : (P -> Q) -> P ⊃ Q
propositions, P ⊃ Q is a ⊃Elim : {P Q : Set} ->
proposition.
P ⊃ Q -> P -> Q
2. Introduction rule ⊃Elim (⊃ Intro f) a = f a
A value of type P -> Q is
a proof of Q with the
assumption of P.
Proofs of P ⊃ Q are in
one-to-one
correspondence with [A]①
values of P -> Q.

…
3. Elimination rule ∨-intro1
B
Given a proof of P ⊃ Q ① ⊃-intro
and P, derive a proof of Q. A⊃B

36
 ￢ (negation)
Negation is introduced as an 1. ¬ : Set -> Set
abbreviation. ¬ P = P ⊃ ⊥
1. Formation rule
If P is a proposition, ￢P is 2. ¬Intro :
a proposition. {P : Set} ->
2. Introduction rule (P -> ⊥) ->
￢Intro deduces ￢P from
¬ P
a proof of ⊥ with the ¬Intro pr = ⊃Intro pr
assumption of P, s proof
to absurdity and returns 3. ¬Elim :
a proof of ￢P. {P : Set} ->
3. Elimination rule ¬ P -> P ->
￢Elim deduces ⊥ from a ⊥
pair of a proof of P and ¬Elim (⊃Intro pr1) pr2 =
that of ￢P . pr1 pr2

37
 Example of a proof of tautology
1. p1 : (A B : Set) ->
[A∧B]① (A ∧ B) ⊃ (A ∨ B)
∧elim1 p1 A B =
A ⊃Intro
∨-intro1 (¥ (x : A ∧ B) ->
A∨B
① ⊃-intro ∨Intro1
A∧B ⊃ A∨B (∧Elim1 x))

38
 ∀ (universal quantifier)
1. Formation rule ∀ (A : Set) (P : A -> Set) : Set
Let A be a set and Q be a where
``predicate on A,’’ i.e., a ∀Intro :
function from A to Set . ((a : A) -> P a) -> ∀ A P
Then, ∀ A P is a formula.
s a function from P to ∀Elim :
Propositions. {A : Set} -> {P : A -> Set} ->
2. Introduction rule ∀ A P -> (a : A) -> P a
Proofs of ∀ A P are exactly ∀Elim (∀Intro f) a = f a
functions that take an
element a of A and returns
a proof of
P a,
3. Elimination rule
…

…
Given a set A, a predicate P on
A, a proof of ∀ A P and Pa ∀AP
an element a of A, the ∀-intro, a ∀-elim
proposition P a is deduced. ∀AP Pa

39
 ∃ (existential quantifier)
1. Formation rule record ∃ (A : Set)
(P : A -> Set) : Set
If A is a set and P is a where
predicate on A, ∃ P Q field
is a proposition. evidence : A
2. Introduction rule ∃Elim : P evidence
From A, P, an element a of
A and a proof P a, ∃Intro : {A : Set} ->
deduce ∃ A P. {P : A -> Set} ->
Here, we call a to be the (a : A) -> P a -> ∃ A P
evidence used in this ∃Intro a prf =
proof. record { evidence = a ;
Elim = prf }
3. Elimination rule
From A, P and a proof of
∃ A P, deduce P a,
where a is the element
of A used as the
evidence.

40
 ∃ (existential quantifier)
record ∃ (A : Set)
3. Elimination rule (P : A -> Set) : Set
From A, P and a proof of where
∃ A P, deduce P a, field
where a is the evidence : A
element of A used as ∃Elim : P evidence
the evidence.
∃Elim : (A : Set) ->
(P : A -> Set) -> (C :
Set) ->
(∃ A P) -> (P a -> C) -> C

∃Elim A P C prf1 prf2 =

Pa

…
…
∃AP C
∃-elim
C
41
 Agda Language
• Type declaration
– data … (recursive type)
– record … (record)
• Function declaration (definitional equality)
• Postulate
• Module declaration → record type
• fixity

42
 Classical Logic, Excluded Middle
• Agda cannot prove 1. postulate LEM :
Excluded Middle (P : Set) ->
P ∨ (¬ P)
• postulate:
Introduce a fresh
value of the given
type.
Can be lead
inconsistency
• LEM: 1.
A “proof” of Law of
Excluded Middle is
introduced.

43
 Example: Double Negation Elimination
DNE :
{A : Set} ->
(¬ (¬ A)) ⊃ A
[￢￢A]② [￢A]① ￢Elim
DNE {A} =
⊥
⊃Intro
LEM ⊥Elim (¥(y : ¬ (¬ A)) ->
A∨￢A [A]① A
① ∨-elimination
A ∨Elim
② ⊃-introduction
￢￢A ⊃ A LEM
(¥(w : A) -> w)
(¥(z : ¬ A) ->
(⊥Elim
(￢Elim y z))))

44
 Agenda
• On Agda
• Agda as a programming language
• Agda as a proof system
• Further information.

45
 Further Information
• Agda wiki
Recent Information of
Agda (Agda2)
Google “Agda wiki” or go
directly to
http://www.cs.chalmer
s.se/~ulfn/Agda

46