Verified QuickSort on Agda

Good day, dear habrauzer!

Having read several books on typed lambda calculus, namely on dependent types, I saw an interesting pattern: everywhere the first example is the definition of the “sorted list” type. Everything would be fine, but there was nothing beyond this definition. So I thought up to fill this gap and implement a function that accepts the list, and returns another list and two proofs. One proves that the result is a permutation of the input, and the other proves that the result is a sorted list.

Formal description

')
In this section, I will provide the basic types that will be used further, and some auxiliary functions. Also here will be shown some interesting syntactic charms of Agda. For those who are not very familiar with Agda, I recommend watching the video / slides of Jan Malakhovsky at the SPbHUG / FProg 2012-07 meeting - in my opinion, this is the only introduction to Agda in Russian (well, I haven’t met again). Or browse through the manual from the Agda site (it is not large) or this tutorial .

List definitions

data List {a} (A : Set a) : Set a where [] : List A _∷_ : (x : A) (xs : List A) → List A [_] : ∀ {a} {A : Set a} → A → List A [ x ] = x ∷ [] _++_ : ∀ {a} {A : Set a} → List A → List A → List A [] ++ ys = ys (x ∷ xs) ++ ys = x ∷ (xs ++ ys)

Here we have a list. The definition is taken from the standard library. As you can see, the elements of the list can be values of any type, even types and types of types and so on. This is possible due to the use of high-order polymorphism: the parameter a is introduced, which is responsible for the level, that is, the usual types are of type Set 0 , Set 0 is of type Set 1 , etc.
Also in this definition you can see how in Agda operators are declared, namely through underscores, in which place there will be arguments. It should be noted that this method allows you to define very different and very interesting forms, such as a function that returns a list from a single element [_] .

It should be noted that for all operators (combinators with underscores) you can specify the priority and associativity. Also in Agda, any Unicode sequence without spaces and brackets (round and curly) is a term.
You should also pay attention to the parentheses and curly braces: curly brackets in the type indication say that this argument is implicit and will be output by the compiler.

Type "sorted list"

 data Sorted {A} (_≤_ : A → A → Set) : List A → Set where nil : Sorted _≤_ [] one : {x : A} → Sorted _≤_ [ x ] two : {x : A} → ∀ {yl} → x ≤ y → Sorted _≤_ (y ∷ l) → Sorted _≤_ (x ∷ y ∷ l)

This definition of the predicate is "sorted list". Designers should be considered as axioms. We have axioms nil and one which say that the empty list and the list with one element are sorted. We also see that the Sorted type depends on the predicate _≤_ , which is responsible for the order — something like the comparison function, but dependently type (the arguments are values of the usual type, and the result is some type whose value is proof). Axiom two says the following: if we have evidence that x ≤ y ( x ≤ y is a type, and a value of type x ≤ y is proof that x ≤ y . See the Curry-Howard isomorphism ), and proof that some list with head y is sorted (this proof is a value of type Sorted _≤_ (y l)) , then the list x ∷ y ∷ l will also be sorted.

Type "permutation"

 data Permutation {A} : List A → List A → Set where refl : ∀ {l} → Permutation ll perm : ∀ {l} l₁ x₁ x₂ l₂ → Permutation l (l₁ ++ x₂ ∷ x₁ ∷ l₂) → Permutation l (l₁ ++ x₁ ∷ x₂ ∷ l₂)

Type (predicate) "permutation". Arguments are two lists. Input axioms: refl - the list is a permutation of itself; perm - if we have a proof that some list l is a permutation of another list l₁ ++ x₂ ∷ x₁ ∷ l₂ (proof of this is a value of type Permutation l (l₁ ++ x₂ ∷ x₁ ∷ l₂) ), then if you rearrange two arbitrary element in places, we get that the new list is a permutation of the first one.

Type "amount"

 data _⊎_ {ab} (A : Set a) (B : Set b) : Set (a ⊔ b) where inj₁ : (x : A) → A ⊎ B inj₂ : (y : B) → A ⊎ B

Well, everything is simple - it is not dependent type - analog of Either in Haskell.

Type Product

 record Σ {ab} (A : Set a) (B : A → Set b) : Set (a ⊔ b) where constructor _,_ field proj₁ : A proj₂ : B proj₁ syntax Σ A (λ x → B) = Σ[ x ∶ A ] B _×_ : ∀ {ab} (A : Set a) (B : Set b) → Set (a ⊔ b) A × B = Σ[ _ ∶ A ] B

This is an analogue of a tuple. The record is used, since this type can have only one constructor. This definition uses the dependent type: the first element is a value, and the second is the proof of the execution of a predicate on this element. But, of course, you don’t have to use it this way, you can just like a regular tuple (through _ × _ ) - then the dependence between the elements is ignored. syntax allows new syntaxes to be defined if there are few simple possibilities.

Sort function

 sort : {A : Set} {_≤_ : A → A → Set} → (∀ xy → (x ≤ y) ⊎ (y ≤ x)) → (l : List A) → Σ[ l' ∶ List A ] (Sorted _≤_ l' × Permutation l l')

Finally, we describe the type of the sort function: this function accepts (implicitly) a predicate that determines the order, also a function that for input values returns a proof that the first is greater than the second or that the second is greater than the first. I think the reader guessed that this function will be used to build evidence of the sorting of the result list. Also, of course, one of the input parameters is a list that will be sorted.
The sort function returns a list and two proofs (sorting and permutations).

Implement the sort function

Of course, no implementation of this function will be here - not that I would be sorry to show the code, I feel sorry for myself to explain it. Therefore, I will give proofs (implementations) of some auxiliary functions that I needed while writing the sort function.

A working source can be found here.

Used by Agda-2.3.1 and Standard Library-0.6

 {-# OPTIONS --no-termination-check #-} module QuickSort where open import IO.Primitive using () renaming (putStrLn to putCoStrLn) open import Data.String using (toCostring; String) renaming (_++_ to _+s+_) open import Data.List open import Data.Nat open import Data.Nat.Show open import Data.Sum open import Data.Product open import Relation.Binary.Core open import Function data Sorted {A} (_≤_ : A → A → Set) : List A → Set where nil : Sorted _≤_ [] one : {x : A} → Sorted _≤_ [ x ] two : {x : A} → ∀ {yl} → x ≤ y → Sorted _≤_ (y ∷ l) → Sorted _≤_ (x ∷ y ∷ l) data Permutation {A} : List A → List A → Set where refl : ∀ {l} → Permutation ll perm : ∀ {l} l₁ x₁ x₂ l₂ → Permutation l (l₁ ++ x₂ ∷ x₁ ∷ l₂) → Permutation l (l₁ ++ x₁ ∷ x₂ ∷ l₂) ≡-elim : ∀ {l} {A : Set l} {xy : A} → x ≡ y → (P : A → Set l) → P x → P y ≡-elim refl _ p = p ≡-sym : ∀ {l} {A : Set l} {xy : A} → x ≡ y → y ≡ x ≡-sym refl = refl ≡-trans : ∀ {l} {A : Set l} {xyz : A} → x ≡ y → y ≡ z → x ≡ z ≡-trans refl refl = refl ++-assoc : ∀ {l} {A : Set l} (l₁ l₂ l₃ : List A) → (l₁ ++ l₂) ++ l₃ ≡ l₁ ++ (l₂ ++ l₃) ++-assoc [] l₂ l₃ = refl ++-assoc (h ∷ t) l₂ l₃ = ≡-elim (≡-sym $ ++-assoc t l₂ l₃) (λ x → h ∷ x ≡ h ∷ t ++ (l₂ ++ l₃)) refl decNat : (xy : ℕ) → (x ≤ y) ⊎ (y ≤ x) decNat zero y = inj₁ z≤n decNat (suc x) (suc y) with decNat xy ... | inj₁ p = inj₁ (s≤sp) ... | inj₂ p = inj₂ (s≤sp) decNat (suc x) zero = inj₂ z≤n perm-trans : ∀ {A} {l₁ l₂ l₃ : List A} → Permutation l₁ l₂ → Permutation l₂ l₃ → Permutation l₁ l₃ perm-trans p refl = p perm-trans p₁ (perm l₁ x₁ x₂ l₂ p₂) = perm l₁ x₁ x₂ l₂ $ perm-trans p₁ p₂ perm-sym : ∀ {A} {l₁ l₂ : List A} → Permutation l₁ l₂ → Permutation l₂ l₁ perm-sym refl = refl perm-sym (perm l₁ x₁ x₂ l₂ p) = perm-trans (perm l₁ x₂ x₁ l₂ refl) (perm-sym p) perm-del-ins-r : ∀ {A} (l₁ : List A) (x : A) (l₂ l₃ : List A) → Permutation (l₁ ++ x ∷ l₂ ++ l₃) (l₁ ++ l₂ ++ x ∷ l₃) perm-del-ins-r l₁ x [] l₃ = refl perm-del-ins-r l₁ x (h ∷ t) l₃ = perm-trans p₀ p₅ where p₀ : Permutation (l₁ ++ x ∷ h ∷ t ++ l₃) (l₁ ++ h ∷ x ∷ t ++ l₃) p₀ = perm l₁ hx (t ++ l₃) refl p₁ : Permutation ((l₁ ++ [ h ]) ++ x ∷ t ++ l₃) ((l₁ ++ [ h ]) ++ t ++ x ∷ l₃) p₁ = perm-del-ins-r (l₁ ++ [ h ]) xt l₃ p₂ : (l₁ ++ [ h ]) ++ t ++ x ∷ l₃ ≡ l₁ ++ h ∷ t ++ x ∷ l₃ p₂ = ++-assoc l₁ [ h ] (t ++ x ∷ l₃) p₃ : (l₁ ++ [ h ]) ++ x ∷ t ++ l₃ ≡ l₁ ++ h ∷ x ∷ t ++ l₃ p₃ = ++-assoc l₁ [ h ] (x ∷ t ++ l₃) p₄ : Permutation ((l₁ ++ [ h ]) ++ x ∷ t ++ l₃) (l₁ ++ h ∷ t ++ x ∷ l₃) p₄ = ≡-elim p₂ (λ y → Permutation ((l₁ ++ [ h ]) ++ x ∷ t ++ l₃) y) p₁ p₅ : Permutation (l₁ ++ h ∷ x ∷ t ++ l₃) (l₁ ++ h ∷ t ++ x ∷ l₃) p₅ = ≡-elim p₃ (λ y → Permutation y (l₁ ++ h ∷ t ++ x ∷ l₃)) p₄ perm-del-ins-l : ∀ {A} (l₁ l₂ : List A) (x : A) (l₃ : List A) → Permutation (l₁ ++ l₂ ++ x ∷ l₃) (l₁ ++ x ∷ l₂ ++ l₃) perm-del-ins-l l₁ l₂ x l₃ = perm-sym $ perm-del-ins-r l₁ x l₂ l₃ perm-++ : ∀ {A} {x₁ y₁ x₂ y₂ : List A} → Permutation x₁ y₁ → Permutation x₂ y₂ → Permutation (x₁ ++ x₂) (y₁ ++ y₂) perm-++ refl refl = refl perm-++ (perm {x₁} l₁ e₁ e₂ l₂ p) (refl {z₂}) = perm-trans p₅ p₇ where p₁ : Permutation (x₁ ++ z₂) ((l₁ ++ e₂ ∷ e₁ ∷ l₂) ++ z₂) p₁ = perm-++ p refl p₂ : (l₁ ++ e₂ ∷ e₁ ∷ l₂) ++ z₂ ≡ l₁ ++ (e₂ ∷ e₁ ∷ l₂) ++ z₂ p₂ = ++-assoc l₁ (e₂ ∷ e₁ ∷ l₂) z₂ p₃ : l₁ ++ (e₂ ∷ e₁ ∷ l₂) ++ z₂ ≡ l₁ ++ e₂ ∷ (e₁ ∷ l₂) ++ z₂ p₃ = ≡-elim (++-assoc [ e₂ ] (e₁ ∷ l₂) z₂) (λ x → l₁ ++ (e₂ ∷ e₁ ∷ l₂) ++ z₂ ≡ l₁ ++ x) refl p₄ : l₁ ++ e₂ ∷ (e₁ ∷ l₂) ++ z₂ ≡ l₁ ++ e₂ ∷ e₁ ∷ l₂ ++ z₂ p₄ = ≡-elim (++-assoc [ e₁ ] l₂ z₂) (λ x → l₁ ++ e₂ ∷ (e₁ ∷ l₂) ++ z₂ ≡ l₁ ++ e₂ ∷ x) refl g₂ : (l₁ ++ e₁ ∷ e₂ ∷ l₂) ++ z₂ ≡ l₁ ++ (e₁ ∷ e₂ ∷ l₂) ++ z₂ g₂ = ++-assoc l₁ (e₁ ∷ e₂ ∷ l₂) z₂ g₃ : l₁ ++ (e₁ ∷ e₂ ∷ l₂) ++ z₂ ≡ l₁ ++ e₁ ∷ (e₂ ∷ l₂) ++ z₂ g₃ = ≡-elim (++-assoc [ e₁ ] (e₂ ∷ l₂) z₂) (λ x → l₁ ++ (e₁ ∷ e₂ ∷ l₂) ++ z₂ ≡ l₁ ++ x) refl g₄ : l₁ ++ e₁ ∷ (e₂ ∷ l₂) ++ z₂ ≡ l₁ ++ e₁ ∷ e₂ ∷ l₂ ++ z₂ g₄ = ≡-elim (++-assoc [ e₂ ] l₂ z₂) (λ x → l₁ ++ e₁ ∷ (e₂ ∷ l₂) ++ z₂ ≡ l₁ ++ e₁ ∷ x) refl p₅ : Permutation (x₁ ++ z₂) (l₁ ++ e₂ ∷ e₁ ∷ l₂ ++ z₂) p₅ = ≡-elim (≡-trans p₂ $ ≡-trans p₃ p₄) (Permutation (x₁ ++ z₂)) p₁ p₆ : Permutation (l₁ ++ e₂ ∷ e₁ ∷ l₂ ++ z₂) (l₁ ++ e₁ ∷ e₂ ∷ l₂ ++ z₂) p₆ = perm l₁ e₁ e₂ (l₂ ++ z₂) refl p₇ : Permutation (l₁ ++ e₂ ∷ e₁ ∷ l₂ ++ z₂) ((l₁ ++ e₁ ∷ e₂ ∷ l₂) ++ z₂) p₇ = ≡-elim (≡-sym $ ≡-trans g₂ $ ≡-trans g₃ g₄) (Permutation (l₁ ++ e₂ ∷ e₁ ∷ l₂ ++ z₂)) p₆ perm-++ {_} {x₁} {y₁} .{_} .{_} p₁ (perm {x₂} l₁ e₁ e₂ l₂ p₂) = ≡-elim p₇ (Permutation (x₁ ++ x₂)) p₆ where p' : Permutation (x₁ ++ x₂) (y₁ ++ l₁ ++ e₂ ∷ e₁ ∷ l₂) p' = perm-++ p₁ p₂ p₃ : y₁ ++ l₁ ++ e₂ ∷ e₁ ∷ l₂ ≡ (y₁ ++ l₁) ++ e₂ ∷ e₁ ∷ l₂ p₃ = ≡-sym $ ++-assoc y₁ l₁ (e₂ ∷ e₁ ∷ l₂) p₄ : Permutation (x₁ ++ x₂) ((y₁ ++ l₁) ++ e₂ ∷ e₁ ∷ l₂) p₄ = ≡-elim p₃ (Permutation (x₁ ++ x₂)) p' p₅ : Permutation ((y₁ ++ l₁) ++ e₂ ∷ e₁ ∷ l₂) ((y₁ ++ l₁) ++ e₁ ∷ e₂ ∷ l₂) p₅ = perm (y₁ ++ l₁) e₁ e₂ l₂ refl p₆ : Permutation (x₁ ++ x₂) ((y₁ ++ l₁) ++ e₁ ∷ e₂ ∷ l₂) p₆ = perm-trans p₄ p₅ p₇ : (y₁ ++ l₁) ++ e₁ ∷ e₂ ∷ l₂ ≡ y₁ ++ l₁ ++ e₁ ∷ e₂ ∷ l₂ p₇ = ++-assoc y₁ l₁ (e₁ ∷ e₂ ∷ l₂) ++-[] : ∀ {l} {A : Set l} (l : List A) → l ++ [] ≡ l ++-[] [] = refl ++-[] (h ∷ t) = ≡-trans p₀ p₁ where p₀ : (h ∷ t) ++ [] ≡ h ∷ t ++ [] p₀ = ++-assoc [ h ] t [] p₁ : h ∷ t ++ [] ≡ h ∷ t p₁ = ≡-elim (++-[] t) (λ x → h ∷ t ++ [] ≡ h ∷ x) refl data ConstrainedList {A} (P : A → Set) : List A → Set where [] : ConstrainedList P [] _∷_ : {x : A} {xs : List A} (p : P x) → ConstrainedList P xs → ConstrainedList P (x ∷ xs) infix 2 _∈_ data _∈_ {A} : A → List A → Set where exact : ∀ ht → h ∈ h ∷ t cons : ∀ h {xl} → x ∈ l → x ∈ h ∷ l create-∈ : ∀ {A} (l₁ : List A) (x : A) (l₂ : List A) → x ∈ (l₁ ++ x ∷ l₂) create-∈ [] x l₂ = exact x l₂ create-∈ (h₁ ∷ t₁) x l₂ = cons h₁ $ create-∈ t₁ x l₂ perm-∈ : ∀ {A l l'} {x : A} → x ∈ l → Permutation l' l → x ∈ l' perm-∈ p refl = p perm-∈ {A} .{l₁ ++ x₁ ∷ x₂ ∷ l₂} {l'} {x} p₁ (perm l₁ x₁ x₂ l₂ p₂) = perm-∈ (loop l₁ x₁ x₂ l₂ p₁) p₂ where loop : ∀ l₁ x₁ x₂ l₂ → x ∈ l₁ ++ x₁ ∷ x₂ ∷ l₂ → x ∈ l₁ ++ x₂ ∷ x₁ ∷ l₂ loop [] .x x₂ l₂ (exact .x .(x₂ ∷ l₂)) = cons x₂ $ exact x l₂ loop [] .x₁ .x .l₂ (cons x₁ (exact .x l₂)) = exact x (x₁ ∷ l₂) loop [] .x₁ .x₂ l₂ (cons x₁ (cons x₂ p)) = cons x₂ $ cons x₁ p loop (.x ∷ t₁) x₁ x₂ l₂ (exact .x .(t₁ ++ x₁ ∷ x₂ ∷ l₂)) = exact x (t₁ ++ x₂ ∷ x₁ ∷ l₂) loop (.h₁ ∷ t₁) x₁ x₂ l₂ (cons h₁ p) = cons h₁ $ loop t₁ x₁ x₂ l₂ p constr-∈ : ∀ {A l} {x : A} → ∀ {P} → ConstrainedList P l → x ∈ l → P x constr-∈ [] () constr-∈ (p ∷ _) (exact _ _) = p constr-∈ (_ ∷ cl) (cons _ p) = constr-∈ cl p sortedHelper₂ : ∀ {A _≤_} {h : A} → ∀ {l'} → Sorted _≤_ l' → ∀ {l} → Permutation ll' → ConstrainedList (λ x → x ≤ h) l → ∀ {g'} → Sorted _≤_ (h ∷ g') → Sorted _≤_ (l' ++ h ∷ g') sortedHelper₂ {_} {_≤_} {h} {l'} sl' pll' cl {g'} sg' = loop [] l' refl sl' where loop : ∀ l₁ l₂ → l₁ ++ l₂ ≡ l' → Sorted _≤_ l₂ → Sorted _≤_ (l₂ ++ h ∷ g') loop _ .[] _ nil = sg' loop l₁ .(x ∷ []) p (one {x}) = two (constr-∈ cl $ perm-∈ x∈l' pll') sg' where x∈l' : x ∈ l' x∈l' = ≡-elim p (λ l → x ∈ l) (create-∈ l₁ x []) loop l₁ .(x ∷ y ∷ l) p≡ (two {x} {y} {l} x≤y ps) = two x≤y $ loop (l₁ ++ [ x ]) (y ∷ l) p' ps where p' : (l₁ ++ [ x ]) ++ y ∷ l ≡ l' p' = ≡-trans (++-assoc l₁ [ x ] (y ∷ l)) p≡ sortedHelper₁ : ∀ {A _≤_} {h : A} → ∀ {l'} → Sorted _≤_ l' → ∀ {l} → Permutation ll' → ConstrainedList (λ x → x ≤ h) l → ∀ {g'} → Sorted _≤_ g' → ∀ {g} → Permutation gg' → ConstrainedList (λ x → h ≤ x) g → Sorted _≤_ (l' ++ h ∷ g') sortedHelper₁ sl' pll' cl nil _ _ = sortedHelper₂ sl' pll' cl one sortedHelper₁ sl' pll' cl {h ∷ t} sg' pgg' cg = sortedHelper₂ sl' pll' cl $ two (constr-∈ cg $ perm-∈ (exact ht) pgg') sg' quickSort : {A : Set} {_≤_ : A → A → Set} → (∀ xy → (x ≤ y) ⊎ (y ≤ x)) → (l : List A) → Σ[ l' ∶ List A ] (Sorted _≤_ l' × Permutation l l') quickSort _ [] = [] , nil , refl quickSort {A} {_≤_} _≤?_ (h ∷ t) = loop t [] [] [] [] refl where loop : ∀ ilg → ConstrainedList (λ x → x ≤ h) l → ConstrainedList (λ x → h ≤ x) g → Permutation t ((l ++ g) ++ i) → Σ[ l' ∶ List A ] (Sorted _≤_ l' × Permutation (h ∷ t) l') loop [] lg cl cg p = l' ++ h ∷ g' , sortedHelper₁ sl' pll' cl sg' pgg' cg , perm-trans p₃ p₄ where lSort = quickSort _≤?_ l gSort = quickSort _≤?_ g l' = proj₁ lSort g' = proj₁ gSort sl' = proj₁ $ proj₂ lSort sg' = proj₁ $ proj₂ gSort pll' = proj₂ $ proj₂ lSort pgg' = proj₂ $ proj₂ gSort p₁ : Permutation (l ++ g) (l' ++ g') p₁ = perm-++ pll' pgg' p₂ : Permutation t (l' ++ g') p₂ = perm-trans (≡-elim (++-[] (l ++ g)) (λ x → Permutation tx) p) p₁ p₃ : Permutation (h ∷ t) (h ∷ l' ++ g') p₃ = perm-++ (refl {_} {[ h ]}) p₂ p₄ : Permutation (h ∷ l' ++ g') (l' ++ h ∷ g') p₄ = perm-del-ins-r [] hl' g' loop (h' ∷ t) lg cl cg p with h' ≤? h ... | inj₁ h'≤h = loop t (h' ∷ l) g (h'≤h ∷ cl) cg (perm-trans p p') where p' : Permutation ((l ++ g) ++ h' ∷ t) (h' ∷ (l ++ g) ++ t) p' = perm-del-ins-l [] (l ++ g) h' t ... | inj₂ h≤h' = loop tl (h' ∷ g) cl (h≤h' ∷ cg) (perm-trans p p') where p₁ : l ++ g ++ h' ∷ t ≡ (l ++ g) ++ h' ∷ t p₁ = ≡-sym $ ++-assoc lg (h' ∷ t) p₂ : l ++ (h' ∷ g) ++ t ≡ (l ++ h' ∷ g) ++ t p₂ = ≡-sym $ ++-assoc l (h' ∷ g) t p₃ : (h' ∷ g) ++ t ≡ h' ∷ g ++ t p₃ = ++-assoc [ h' ] gt p₄ : l ++ h' ∷ g ++ t ≡ l ++ (h' ∷ g) ++ t p₄ = ≡-sym $ ≡-elim p₃ (λ x → l ++ x ≡ l ++ h' ∷ g ++ t) refl p₅ : Permutation (l ++ g ++ h' ∷ t) (l ++ h' ∷ g ++ t) p₅ = perm-del-ins-l lgh' t p₆ : Permutation ((l ++ g) ++ h' ∷ t) (l ++ h' ∷ g ++ t) p₆ = ≡-elim p₁ (λ x → Permutation x (l ++ h' ∷ g ++ t)) p₅ p' : Permutation ((l ++ g) ++ h' ∷ t) ((l ++ h' ∷ g) ++ t) p' = ≡-elim (≡-trans p₄ p₂) (λ x → Permutation ((l ++ g) ++ h' ∷ t) x) p₆ showl : List ℕ → String showl [] = "[]" showl (h ∷ t) = show h +s+ "∷" +s+ showl t l₁ : List ℕ l₁ = 19 ∷ 6 ∷ 13 ∷ 2 ∷ 8 ∷ 15 ∷ 1 ∷ 10 ∷ 11 ∷ 2 ∷ 17 ∷ 4 ∷ [ 3 ] l₂ = quickSort decNat l₁ main = putCoStrLn ∘ toCostring $ showl $ proj₁ l₂

Propositional Equivalence

 data _≡_ {a} {A : Set a} (x : A) : A → Set a where refl : x ≡ x ≡-cong : ∀ {ab} {A : Set a} {B : Set b} {xy} → x ≡ y → (f : A → B) → fx ≡ fy ≡-cong refl _ = refl ≡-elim : ∀ {l} {A : Set l} {xy : A} → x ≡ y → (P : A → Set l) → P x → P y ≡-elim refl _ p = p ≡-sym : ∀ {l} {A : Set l} {xy : A} → x ≡ y → y ≡ x ≡-sym refl = refl ≡-trans : ∀ {l} {A : Set l} {xyz : A} → x ≡ y → y ≡ z → x ≡ z ≡-trans refl refl = refl

As you can see, everything is simple: only one axiom that says that two objects are equal, if they are one and the same. Also here auxiliary functions are defined for working with proofs of equivalence. I think it's more understandable here. Let me explain only with the example of ≡-elim : the only value of the argument of the type x ≡ y can be refl , which has one implicit parameter, which in the ≡-elim refl _ p line is equal to both x and y , therefore, p has the same value type and P x and P y , and if the value of p is of type P y , then in this situation it will be the result of the function ≡-elim .

Associative concatenation operation

 ++-assoc : ∀ {l} {A : Set l} (l₁ l₂ l₃ : List A) → (l₁ ++ l₂) ++ l₃ ≡ l₁ ++ (l₂ ++ l₃) ++-assoc [] l₂ l₃ = refl ++-assoc (h ∷ t) l₂ l₃ = ≡-cong (++-assoc t l₂ l₃) (λ x → h ∷ x)

Here $ is nothing more than an application operator, like in Haskell. It is clear from the definition that this function (or, one can say, the lemma) proves for three arbitrary lists the associativity of the concatenation operation. I want to note that during the compilation terms are partially reduced using the existing definitions. In this function, the following happens:
term

 ≡-cong (++-assoc t l₂ l₃) (λ x → h ∷ x)

has a type

 h ∷ (t ++ l₂) ++ l₃ ≡ h ∷ t ++ (l₂ ++ l₃)

and we need a type

 (l₁ ++ l₂) ++ l₃ ≡ l₁ ++ (l₂ ++ l₃)

 ((h ∷ t) ++ l₂) ++ l₃ ≡ (h ∷ t) ++ (l₂ ++ l₃)

this given that

 l₁ = h ∷ t

further, the compiler, using the definition of concatenation, reduces these terms to some general form.
Try with a term using concatenation definition,

 ((h ∷ t) ++ l₂) ++ l₃ ≡ (h ∷ t) ++ (l₂ ++ l₃)

get a term

 h ∷ (t ++ l₂) ++ l₃ ≡ h ∷ t ++ (l₂ ++ l₃)

It should also be borne in mind that the concatenation operation is right associative - but this is not important for understanding.

The transitivity and symmetry of the permutation

 perm-trans : ∀ {A} {l₁ l₂ l₃ : List A} → Permutation l₁ l₂ → Permutation l₂ l₃ → Permutation l₁ l₃ perm-trans p refl = p perm-trans p₁ (perm l₁ x₁ x₂ l₂ p₂) = perm l₁ x₁ x₂ l₂ $ perm-trans p₁ p₂ perm-sym : ∀ {A} {l₁ l₂ : List A} → Permutation l₁ l₂ → Permutation l₂ l₁ perm-sym refl = refl perm-sym (perm l₁ x₁ x₂ l₂ p) = perm-trans (perm l₁ x₂ x₁ l₂ refl) (perm-sym p)

"Long" rearrangement left and right

 perm-del-ins-r : ∀ {A} (l₁ : List A) (x : A) (l₂ l₃ : List A) → Permutation (l₁ ++ x ∷ l₂ ++ l₃) (l₁ ++ l₂ ++ x ∷ l₃) perm-del-ins-r l₁ x [] l₃ = refl perm-del-ins-r l₁ x (h ∷ t) l₃ = perm-trans p₀ p₅ where p₀ : Permutation (l₁ ++ x ∷ h ∷ t ++ l₃) (l₁ ++ h ∷ x ∷ t ++ l₃) p₀ = perm l₁ hx (t ++ l₃) refl p₁ : Permutation ((l₁ ++ [ h ]) ++ x ∷ t ++ l₃) ((l₁ ++ [ h ]) ++ t ++ x ∷ l₃) p₁ = perm-del-ins-r (l₁ ++ [ h ]) xt l₃ p₂ : (l₁ ++ [ h ]) ++ t ++ x ∷ l₃ ≡ l₁ ++ h ∷ t ++ x ∷ l₃ p₂ = ++-assoc l₁ [ h ] (t ++ x ∷ l₃) p₃ : (l₁ ++ [ h ]) ++ x ∷ t ++ l₃ ≡ l₁ ++ h ∷ x ∷ t ++ l₃ p₃ = ++-assoc l₁ [ h ] (x ∷ t ++ l₃) p₄ : Permutation ((l₁ ++ [ h ]) ++ x ∷ t ++ l₃) (l₁ ++ h ∷ t ++ x ∷ l₃) p₄ = ≡-elim p₂ (λ y → Permutation ((l₁ ++ [ h ]) ++ x ∷ t ++ l₃) y) p₁ p₅ : Permutation (l₁ ++ h ∷ x ∷ t ++ l₃) (l₁ ++ h ∷ t ++ x ∷ l₃) p₅ = ≡-elim p₃ (λ y → Permutation y (l₁ ++ h ∷ t ++ x ∷ l₃)) p₄ perm-del-ins-l : ∀ {A} (l₁ l₂ : List A) (x : A) (l₃ : List A) → Permutation (l₁ ++ l₂ ++ x ∷ l₃) (l₁ ++ x ∷ l₂ ++ l₃) perm-del-ins-l l₁ l₂ x l₃ = perm-sym $ perm-del-ins-r l₁ x l₂ l₃

These features are more interesting. Here I just want to note that if we consider types as theorems or lemmas, and terms of a corresponding type as evidence, then it is obvious that there can be any number of proofs of a certain statement (as well as terms of a corresponding type). For example, it seems to me that the function above can be proved easier It is also interesting that the “sorted list” type I cited is a kind of singleton: each type has one representative. As for the permutation, for one type there can be an infinite number of different terms (for example, you can rearrange the same elements twice so that the lists will not change).

Order on natural numbers

 data ℕ : Set where zero : ℕ suc : ℕ → ℕ data _≤_ : ℕ → ℕ → Set where z≤n : ∀ {n} → zero ≤ n s≤s : ∀ {mn} (m≤n : m ≤ n) → suc m ≤ suc n decNat : (xy : ℕ) → (x ≤ y) ⊎ (y ≤ x) decNat zero y = inj₁ z≤n decNat (suc x) (suc y) with decNat xy ... | inj₁ p = inj₁ (s≤sp) ... | inj₂ p = inj₂ (s≤sp) decNat (suc x) zero = inj₂ z≤n

Finally, the resolving procedure for determining the order on natural numbers. (Pay attention to how variables are named - all that there is a term without spaces.) The predicate is _≤_ . Two axioms are introduced, one of which says that any number is greater than or equal to zero, and the other that if one number is greater than the other, then the ratio will remain if you add one to them.
It also uses a with construction - but I think its use is very clear.

That's all:)

From myself I will say that it is very interesting to write such programs.

Source: https://habr.com/ru/post/148769/

All Articles