proof,agda,idris,proof-of-correctness,isar

Coq has extensive libraries covering real analysis. Various developments come to mind: the standard library and projects building on it such as the now defunct coqtail project [1] (with extensive coverage of power series and quite a bit of work on Complex numbers) or the more recent coquelicot. All of...

There was a recent email by Nils Anders Danielsson at the agda-dev mailing list precisely about this. I cannot find it online, so here is a quote: Conor uses lots of instance arguments in "How to Keep Your Neighbours in Order". However, his code was written using the old variant...

In your first example the expression rr aa has type Set, because it is the result of the application of aa of type S to the function rr of type S -> Set. The type signature of your function demands a result type of R a though. Given the naming...

Yes, the arguments in curly braces {} are implicit and they only need to be supplied or matched if agda cannot figure them out. It is necessary to specify them, since dependent types needs to refer to the values they depend on, but dragging them around all the time would...

Agda doesn't have any special syntax for partial application of operators. You can, however, use the operators in their usual prefix version: x + y = _+_ x y This is convenient when you need to partially apply leftmost argument(s): _+_ 1 = λ x → 1 + x When...

It's really odd that people think pattern matching on types is bad. We get a lot of mileage out of pattern matching on data which encode types, whenever we do a universe construction. If you take the approach that Thorsten Altenkirch and I pioneered (and which my comrades and I...

That's about the inspect idiom. Check the original thread and this stackoverflow question. The current version of inspect in the standard library is from this thread (there are also some explanations). If you delete the definition of _==_, then you can define compileme as open import Relation.Binary.PropositionalEquality renaming (_≡_ to...

Side channel attacks are for instance timing attacks, e.g. you can get information about the secrets by measuring timing differences when using different inputs. It is already hard to do this right in a low level language like C where you have lots of control about processor instructions, cache handling,...

The problem is that your definition of PEq' tells us that it works for any A from Set. However, _Tauto'_ only works for the one particular A that the user provides as the module parameter to Level0Equality. Let me demonstrate it with an example: open Level0Equality Bool _Tauto'_ : Bool...

pattern-matching,proof,agda,dependent-type

You can use the Agda keyword rewrite to apply a propositional equivalence on your goal: insertCorrect : ∀ {n} -> ∀ x l -> sorted n l -> sorted (n ⊓ x) (insert x l) insertCorrect {n} x nil p with intDec n x insertCorrect {n} x nil p |...

I done it myself: data Pair (A : Set) (B : A → Set) : Set where pair : (a : A) → (B a) → Pair A B pairEq : (A : Set) → (B : A → Set) → (a : A) → (b₁ b₂ : B a)...

monads,substitution,agda,parametric-polymorphism

Something like the following perhaps? The important thing is how you represent variables. The answer is that in a typed setting, variables need to be indexed by a type. If you make that change, everything more or less follows... module Temp2 where open import Data.Unit open import Data.Empty open import...

I don't think there is exactly your coerce function. However, it's a special case of a more general function - subst (the substitutive property of equality) from Relation.Binary.PropositionalEquality: subst : ∀ {a p} {A : Set a} (P : A → Set p) {x y : A} → x ≡...

You just need to rewrite in the another direction: open import Relation.Binary.PropositionalEquality insert : ∀ {A n} -> A -> T A n -> T A (suc n) insert x empty = leaf x insert x (leaf y) = bal (leaf y) (leaf y) insert x (bal l r) =...

If you have a function A → B and you know that B has a well-founded relation, you can construct a well-founded relation on A: _<_ : B → B → Set f : A → B _≺_ : A → A → Set x ≺ y = f x...

equality,proof,agda,dependent-type,heterogeneous

In fact it should be easy to show that get (ρ′ , x′) equals get (ε ∷ ρ′ , suc⁺ x′). First, the reason that Agda does not see this equality is that the functions suc⁺ doesn't reduce for an argument of a general form x'. This is because...

types,functional-programming,agda,dependent-type

That's why Agda has dot patterns: accCorrect : (r : RE) (s : List Char) (s1 : List Char) (s2 : List Char) (k : (List Char -> Bool)) -> ( (s1 ++ s2) ≡ s) -> (REMatch s1 r) -> (k s2 ≡ true) -> (acc r s k...

Yes, Agda determines what belongs to a module by indentation. However, the (unique) top-level module is an exception - what belongs there is unambiguous, it's the whole file! This means you can use both styles. I personally go with no indentation, it's slightly more readable and consistent with the stdlib...

You were on the right track with your listSplit lemma. You can use that function to learn whether the target element is on the left or right side of a Tree. This is the relevant line from my implementation inTreeThenInorder x (branch y l r) e with listSplit x (inOrder...

Let's start with the postulate. The syntax is simply: postulate name : type This asserts that there exists some value of type type called name. Think of it as axioms in logic - things that are defined to be true and are not be questioned (by Agda, in this case)....

What you describe is not currying. It's a simple swapping of arguments. Here's how currying looks like: open import Data.Product hiding (curry) -- non-dependent version curry′ : ∀ {a b c} {A : Set a} {B : Set b} {C : Set c} → (A × B → C) →...

Just do not pattern-match on p x: predicate {A} {p} {xs = []} = all[] predicate {A} {p} {x :: xs} with inspect (p x) predicate {A} {p} {x :: xs} | it true pf rewrite pf = {!!} predicate {A} {p} {x :: xs} | it false pf rewrite...

A first attempt We can define a data type for that: data _>>=ᵗ_ {α β} {A : Set α} : (mx : Maybe A) -> (A -> Set β) -> Set (α ⊔ β) where nothingᵗ : ∀ {B} -> nothing >>=ᵗ B justᵗ : ∀ {B x} -> B...

I'm trying to understand this part: list-any (=ℕ 0) l ≡ tt Is (=ℕ 0) ≡ (pred : A → ð¹) and l ≡ (l : ð A)? You're correct in that _=ℕ_ 0 is substituted for pred. _=ℕ_ 0 means the result of applying the function _=ℕ_ to...

I needed to install new fonts... I used this http://dejavu-fonts.org/wiki/Download and then installed using Font Books. The issue was then resolved!

Boring imports: open import Relation.Nullary open import Relation.Nullary.Decidable open import Relation.Binary.Core open import Data.Bool hiding (_≟_) open import Data.Nat Now let's ask Agda, what she thinks: myeqtest : ℕ -> ℕ -> Bool myeqtest x y = {!x ≟ y!} C-C C-d in the hole gives Dec (x ≡ y)....

You can programmatically generate proofs using Agda's reflection capability. Here's an example of your problem solved with a reusable tactic. I threw this together for this question, so I'm not promising that it's the most robust tactic. It should give you a sense of how to tackle problems like this...

You can make this work by using instance arguments, the Agda alternative to type classes. Unfortunately, the Agda library hasn't been written with instance arguments in mind (yet), so you have to define the Eq class and the instances for Char and String yourself: open import Data.Bool open import Data.Char...

Just sharing the complete solution... open import Coinduction open import Data.Nat module Simple where data Stream (A : Set) : Set where _∷_ : A → ∞ (Stream A) → Stream A infix 4 _∈_ data _∈_ {A : Set} : A → Stream A → Set where here :...

Agda 2.4.3 displays x : .A × .B. You can use the abstract keyword: abstract _×_ : Set -> Set -> Set A × B = Σ (\ (_ : A) -> B) fst' : ∀ {A B} -> A × B -> A fst' (x , y) = x...

The basic idea behind Agda's ↔ is to package up two functions with two proofs of roundtripping, which is easy enough to do in Idris as well: infix 7 ~~ data (~~) : Type -> Type -> Type where MkIso : {A : Type} -> {B : Type} -> (to...

You can write something like this: isCut : cut → (p q : pair) → Bool isCut x p q = (((p mem (getLC x)) ∨ (p mem (getRC x)))) ∧ ((not (p mem getLC x)) ∨ (not (p mem getRC x))) ∧ (not (p <pair q) ∨ ((p mem...

constructor,agda,theorem-proving,disjoint-union

The data type constructors are disjoint. I'd say it's a theorem in Agda's type-system meta-theory. You can try to case the eq proof (C-c C-c), and Agda will find the contradiction: lemma : ∀ {a b} {A : Set a} {B : Set b} {x : A} {y : B}...

With the way you set up your data type, you cannot really pattern match on values with non-trivial index in any meaningful way. The problem is of course that Agda cannot (in general) solve the unification of xs \\ mem and nil. The way pattern matching is set up, you...

Imports: open import Level hiding (zero; suc) open import Function open import Relation.Binary.HeterogeneousEquality renaming (sym to hsym; trans to htrans; cong to hcong; subst to hsubst) open import Relation.Binary.PropositionalEquality open import Data.Nat open import Data.Fin hiding (_+_) open import Algebra open import Data.Nat.Properties module ℕplus = CommutativeSemiring commutativeSemiring I've rearranged...

"For any" is universal quantification, which translates into dependent function types. As an example, let's take the following theorem: For any natural number n greater than zero, there exists a natural number m, such that S(m) = n. open import Data.Nat open import Data.Product open import Relation.Binary.PropositionalEquality theorem : (n...