Dependently Typed Programming with Finite Sets Denis Firsov and - PowerPoint PPT Presentation

Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of Cybernetics at TUT November 13, 2015 1 / 67

Outline The problem and motivation Different notions of finiteness Pragmatic finite subsets Approaches to defining functions from finite sets Prover for quantified formulas over decidable properties on finite sets 2 / 67

Motivating Example I A finite set could be defined as an inductive enumeration type: data Pauli : Set where X : Pauli Y : Pauli Z : Pauli I : Pauli 3 / 67

Motivating Example I A finite set could be defined as an inductive enumeration type: data Pauli : Set where X : Pauli Y : Pauli Z : Pauli I : Pauli Next, we can list all the elements: listPauli : List Pauli listPauli = X :: Y :: Z :: I :: [] 4 / 67

Motivating Example I A finite set could be defined as an inductive enumeration type: data Pauli : Set where X : Pauli Y : Pauli Z : Pauli I : Pauli Next, we can list all the elements: listPauli : List Pauli listPauli = X :: Y :: Z :: I :: [] Finally, we can prove that the list is indeed complete: allPauli : (x : Pauli) → x ∈ listPauli allPauli X = here allPauli Y = there here allPauli Z = there (there here) allPauli I = there (there (there here)) 5 / 67

Motivating Example II Typically we also want decidable equality: Dec : Set → Set Dec P = P ⊎ ¬ P 6 / 67

Motivating Example II Typically we also want decidable equality: Dec : Set → Set Dec P = P ⊎ ¬ P _ ≡ P?_ : (x 1 x 2 : Pauli) → Dec (x 1 ≡ x 2 ) X ≡ P? X = inj 1 refl X ≡ P? Y = inj 2 λ () X ≡ P? Z = inj 2 λ () X ≡ P? I = inj 2 λ () Y ≡ P? X = inj 2 λ () Y ≡ P? Y = inj 1 refl Y ≡ P? Z = inj 2 λ () Y ≡ P? I = inj 2 λ () Z ≡ P? X = inj 2 λ () Z ≡ P? Y = inj 2 λ () Z ≡ P? Z = inj 1 refl Z ≡ P? I = inj 2 λ () I ≡ P? X = inj 2 λ () I ≡ P? Y = inj 2 λ () I ≡ P? Z = inj 2 λ () I ≡ P? I = inj 1 refl 7 / 67

Listable Finite Sets All X xs says that list xs has all elements of type X . All : (X : Set) → List X → Set All X xs = (x : X) → x ∈ xs 8 / 67

Listable Finite Sets All X xs says that list xs has all elements of type X . All : (X : Set) → List X → Set All X xs = (x : X) → x ∈ xs A set X is listable if there is a list xs so that All X xs Listable : (X : Set) → Set Listable X = Σ [ xs ∈ List X ] All X xs 9 / 67

Listable Finite Sets All X xs says that list xs has all elements of type X . All : (X : Set) → List X → Set All X xs = (x : X) → x ∈ xs A set X is listable if there is a list xs so that All X xs Listable : (X : Set) → Set Listable X = Σ [ xs ∈ List X ] All X xs It is the same as asking for a surjection from an initial segment of N : FinSurj : (X : Set) → Set FinSurj X = Σ [ n ∈ N ] Σ [ fromFin ∈ (Fin n → X) ] ∈ (X → Fin n) ] Σ [ toFin ((x : X) → fromFin (toFin x) ≡ x) 10 / 67

Listable Finite Sets All X xs says that list xs has all elements of type X . All : (X : Set) → List X → Set All X xs = (x : X) → x ∈ xs A set X is listable if there is a list xs so that All X xs Listable : (X : Set) → Set Listable X = Σ [ xs ∈ List X ] All X xs It is the same as asking for a surjection from an initial segment of N : FinSurj : (X : Set) → Set FinSurj X = Σ [ n ∈ N ] Σ [ fromFin ∈ (Fin n → X) ] ∈ (X → Fin n) ] Σ [ toFin ((x : X) → fromFin (toFin x) ≡ x) surj2lstbl : { X : Set } → FinSurj X → Listable X lstbl2surj : { X : Set } → Listable X → FinSurj X 11 / 67

Listable Finite Sets without Duplicates NoDup xs says that the list xs has no duplicates: NoDup : { X : Set } → List X → Set NoDup { X } xs = (x : X) → (p 1 p 2 : x ∈ xs) → p 1 ≡ p 2 12 / 67

Listable Finite Sets without Duplicates NoDup xs says that the list xs has no duplicates: NoDup : { X : Set } → List X → Set NoDup { X } xs = (x : X) → (p 1 p 2 : x ∈ xs) → p 1 ≡ p 2 Now, we can define duplicate-free listability of a set: ListableNoDup : (X : Set) → Set ListableNoDup X = Σ [ xs ∈ List X ] All X xs × NoDup xs 13 / 67

Listable Finite Sets without Duplicates NoDup xs says that the list xs has no duplicates: NoDup : { X : Set } → List X → Set NoDup { X } xs = (x : X) → (p 1 p 2 : x ∈ xs) → p 1 ≡ p 2 Now, we can define duplicate-free listability of a set: ListableNoDup : (X : Set) → Set ListableNoDup X = Σ [ xs ∈ List X ] All X xs × NoDup xs This is equivalent to having a bijection from an initial segment of N : FinBij : (X : Set) → Set FinBij X = Σ [ n ∈ N ] Σ [ fromFin ∈ (Fin n → X) ] Σ [ toFin ∈ (X → Fin n) ] ((x : X) → fromFin (toFin x) ≡ x) × ((i : Fin n) → toFin (fromFin i) ≡ i) 14 / 67

Listable Finite Sets without Duplicates NoDup xs says that the list xs has no duplicates: NoDup : { X : Set } → List X → Set NoDup { X } xs = (x : X) → (p 1 p 2 : x ∈ xs) → p 1 ≡ p 2 Now, we can define duplicate-free listability of a set: ListableNoDup : (X : Set) → Set ListableNoDup X = Σ [ xs ∈ List X ] All X xs × NoDup xs This is equivalent to having a bijection from an initial segment of N : FinBij : (X : Set) → Set FinBij X = Σ [ n ∈ N ] Σ [ fromFin ∈ (Fin n → X) ] Σ [ toFin ∈ (X → Fin n) ] ((x : X) → fromFin (toFin x) ≡ x) × ((i : Fin n) → toFin (fromFin i) ≡ i) bij2lstblnd : { X : Set } → FinBij X → ListableNoDup X lstblnd2bij : { X : Set } → ListableNoDup X → FinBij X 15 / 67

Listability and Decidable Equality All four notions of finiteness ( Listable , FinSurj , ListableNoDup , FinBij ) are equivalent. 16 / 67

Listability and Decidable Equality All four notions of finiteness ( Listable , FinSurj , ListableNoDup , FinBij ) are equivalent. Indeed, equality on a listable set is decidable: lstbl2deq : { X : Set } → Listable X → DecEq X 17 / 67

Listability and Decidable Equality All four notions of finiteness ( Listable , FinSurj , ListableNoDup , FinBij ) are equivalent. Indeed, equality on a listable set is decidable: lstbl2deq : { X : Set } → Listable X → DecEq X Therefore, we can implement removal of duplicates and convert Listable to ListableNoDup : lstbl2nodup : { X : Set } → Listable X → ListableNoDup X 18 / 67

Listability and Decidable Equality All four notions of finiteness ( Listable , FinSurj , ListableNoDup , FinBij ) are equivalent. Indeed, equality on a listable set is decidable: lstbl2deq : { X : Set } → Listable X → DecEq X Therefore, we can implement removal of duplicates and convert Listable to ListableNoDup : lstbl2nodup : { X : Set } → Listable X → ListableNoDup X The other direction is trivial: nodup2lstbl : { X : Set } → ListableNoDup X → Listable X 19 / 67

Listability: Example The generic proof lstbl2deq also provides an alternative way for defining an equality decider for concrete listable types like Pauli : listablePauli : Listable Pauli listablePauli = listPauli , allPauli _ ≡ P?_ : DecEq Pauli _ ≡ P?_ = lstbl2deq listablePauli Recall that the direct implementation took | Pauli | 2 lines of code. 20 / 67

Finite Subsets We can give a special definition of listability of a subset given by a predicate on some base set: ListableSub : (U : Set) → (U → Set) → Set ListableSub U P = Σ [ xs ∈ List U ] ((x : U) → P x → x ∈ xs) × ((x : U) → x ∈ xs → P x) 21 / 67

Finite Subsets We can give a special definition of listability of a subset given by a predicate on some base set: ListableSub : (U : Set) → (U → Set) → Set ListableSub U P = Σ [ xs ∈ List U ] ((x : U) → P x → x ∈ xs) × ((x : U) → x ∈ xs → P x) Listable sets are a special case of listable subsets: lstbl2lsub : { U : Set } → Listable U → ListableSub U ( λ _ → ⊤ ) lsub2lstbl : { U : Set } → ListableSub U ( λ _ → ⊤ ) → Listable U 22 / 67

Decidable Equality for Finite Subsets In general, equality on a finite subset is not decidable: deqLstblSub : { U : Set } → (P : U → Set) → ListableSub U P → (x 1 x 2 : U) → P x 1 → P x 2 → Dec (x 1 ≡ x 2 ) deqLstblSub = ??? 23 / 67

Decidable Equality for Finite Subsets In general, equality on a finite subset is not decidable: deqLstblSub : { U : Set } → (P : U → Set) → ListableSub U P → (x 1 x 2 : U) → P x 1 → P x 2 → Dec (x 1 ≡ x 2 ) deqLstblSub = ??? If P is a mere proposition, then equality is decidable: deqLstblSub1 : { U : Set } → (P : U → Set) → ListableSub U P → ((x : U) → (p 1 p 2 : P x) → p 1 ≡ p 2 ) → (x 1 x 2 : U) → P x 1 → P x 2 → Dec (x 1 ≡ x 2 ) 24 / 67

Decidable Equality for Finite Subsets In general, equality on a finite subset is not decidable: deqLstblSub : { U : Set } → (P : U → Set) → ListableSub U P → (x 1 x 2 : U) → P x 1 → P x 2 → Dec (x 1 ≡ x 2 ) deqLstblSub = ??? If P is a mere proposition, then equality is decidable: deqLstblSub1 : { U : Set } → (P : U → Set) → ListableSub U P → ((x : U) → (p 1 p 2 : P x) → p 1 ≡ p 2 ) → (x 1 x 2 : U) → P x 1 → P x 2 → Dec (x 1 ≡ x 2 ) If the list contains no duplicates, then equality is decidable: deqLstblSub2 : { U : Set } → (P : U → Set) → (p : ListableSub U P) → NoDup (proj 1 p) → (x 1 x 2 : U) → P x 1 → P x 2 → Dec (x 1 ≡ x 2 ) 25 / 67

Pragmatic Finite Subsets If a set P is decidable, we can effectively squash P : � _ � : { P : Set } → Dec P → Set � inj 1 _ � = ⊤ � inj 2 _ � = ⊥ 26 / 67