(*D
-Matita Tutorial: inductively generated formal topologies
-========================================================
+Inductively generated formal topologies in Matita
+=================================================
This is a not so short introduction to [Matita][2], based on
the formalization of the paper
> inductive generation of formal topologies
by Stefano Berardi and Silvio Valentini.
+
The tutorial is by Enrico Tassi.
-The tutorial spends a considerable amount of effort in defining
+The reader should be familiar with inductively generated
+formal topologies and have some basic knowledge of type theory and Ξ»-calculus.
+
+A considerable part of this tutorial is devoted to explain how to define
notations that resemble the ones used in the original paper. We believe
-this is a important part of every formalization, not only from the aesthetic
+this is an important part of every formalization, not only from the aesthetic
point of view, but also from the practical point of view. Being
consistent allows to follow the paper in a pedantic way, and hopefully
to make the formalization (at least the definitions and proved
statements) readable to the author of the paper.
+The formalization uses the "new generation" version of Matita
+(that will be named 1.x when finally released).
+Last stable release of the "old" system is named 0.5.7; the ng system
+is coexisting with the old one in all development release
+(named "nightly builds" in the download page of Matita)
+with a version strictly greater than 0.5.7.
+
+To read this tutorial in HTML format, you need a decent browser
+equipped with a unicode capable font. Use the PDF format if some
+symbols are not displayed correctly.
+
Orienteering
------------
example W has Ξ©, π and π, L has Ξ, π, and π, F has Ξ¦, β¦
Variants are listed in the aforementioned TeX/UTF-8 table.
+The syntax of terms (and types) is the one of the Ξ»-calculus CIC
+on which Matita is based. The main syntactical difference w.r.t.
+the usual mathematical notation is the function application, written
+`(f x y)` in place of `f(x,y)`.
+
Pressing `F1` opens the Matita manual.
CIC (as [implemented in Matita][3]) in a nutshell
Since we are going to formalize constructive and predicative mathematics
in an intensional type theory like CIC, we try to establish some terminology.
Type is the sort of sets equipped with the `Id` equality (i.e. an intensional,
-not quotiented set). We will avoid using `Id` (Leibniz equality),
-thus we will explicitly equip a set with an equivalence relation when needed.
-We will call this structure a _setoid_. Note that we will
-attach the infix `=` symbol only to the equality of a setoid,
-not to Id.
+not quotiented set).
We write `Type[i]` to mention a Type in the predicative hierarchy
of types. To ease the comprehension we will use `Type[0]` for sets,
> Type[0] < Type[1] < Type[2]
+<object class="img" data="igft-CIC-universes.svg" type="image/svg+xml" width="400px"/>
+
For every `Type[i]` there is a corresponding level of predicative
-propositions `CProp[i]`. A predicative proposition cannot be eliminated toward
-`Type[j]` unless it holds no computational content (i.e. it is an inductive type
+propositions `CProp[i]` (the C initial is due to historical reasons, and
+stands for constructive, `PProp` would be more appropriate).
+A predicative proposition cannot be eliminated toward
+`Type[j]` unless it holds no computational content (i.e. it is an inductive proposition
with 0 or 1 constructors with propositional arguments, like `Id` and `And`
but not like `Or`).
+The distinction between predicative propositions and predicative data types
+is a peculirity of Matita (for example in CIC as implemented by Coq they are the
+same). The additional restriction of not allowing the elimination of a CProp
+toward a Type makes the theory of Matita minimal in the following sense:
+
+<object class="img" data="igft-minimality-CIC.svg" type="image/svg+xml" width="500px"/>
+
+Theorems proved in CIC as implemented in Matita can be reused in a classical
+and impredicative framework (i.e. forcing Matita to collapse the hierarchy of
+constructive propositions and assuming the excluded middle on them).
+Alternatively, one can decide to collapse predicative propositions and
+datatypes recovering the Axiom of Choice in the sense of Martin LΓΆf
+(i.e. β really holds a witness and can be eliminated to inhabit a type).
+
+This implementation of CIC is the result of the collaboration with Maietti M.,
+Sambin G. and Valentini S. of the University of Padua.
+
+Formalization choices
+---------------------
+
+There are many different ways of formalizing the same piece of mathematics
+in CIC, depending on what our interests are. There is usually a tradeoff
+between the possibility of reuse the formalization we did and its complexity.
+
+In this work, our decisions mainly regarded the following two areas
+
+- Equality: Id or not
+- Axiom of Choice: controlled use or not
+
+### Equality
+
+TODO
+We will avoid using `Id` (Leibniz equality),
+thus we will explicitly equip a set with an equivalence relation when needed.
+We will call this structure a _setoid_. Note that we will
+attach the infix `=` symbol only to the equality of a setoid,
+not to Id.
+
+### Axiom of Choice
+
+In this paper it is clear that the author is interested in using the Axiom
+of Choice, thus choosing to identify β and Ξ£ (i.e. working in the
+leftmost box of the graph "Coq's CIC (work in CProp)") would be a safe decision
+(that is, the author of the paper would not complain we formalized something
+diffrent from what he had in mind).
+
+Anyway, we may benefit from the minimality of CIC as implemented in Matita,
+"asking" the type system to ensure we do no use the Axiom of Choice elswhere
+in the proof (by mistake or as a shortcut). If we identify β and Ξ£ from the
+very beginnig, the system will not complain if we use the Axiom of Choice at all.
+Moreover, the elimination of an inductive type (like β) is a so common operation
+that the syntax chosen for the elimination command is very compact and non
+informative, hard to spot for a human being
+(in fact it is just two characters long!).
+
+We decided to formalize the whole paper without identifying
+CProp and Type and assuming the Axiom of Choice as a real axiom
+(i.e. a black hole with no computational content, a function with no body).
+
+It is clear that this approach give us full control on when/where we really use
+the Axiom of Choice. But, what are we loosing? What happens to the computational
+content of the proofs if the Axiom of Choice gives no content back?
+
+It really
+depends on when we actually look at the computational content of the proof and
+we "run" that program. We can extract the content and run it before or after
+informing the system that our propositions are actually code (i.e. identifying
+β and Ξ£). If we run the program before, as soon as the computation reaches the
+Axiom of Choice it stops, giving no output. If we tell the system that CProp and
+Type are the same, we can exhibit a body for the Axiom of Choice (i.e. a projection)
+and the extracted code would compute an output.
+
+Note that the computational
+content is there even if the Axiom of Choice is an axiom, the difference is
+just that we cannot use it (the typing rules inhibit the elimination of the
+existential). This is possible only thanks to the minimality of CIC as implemented
+in Matita.
The standard library and the `include` command
----------------------------------------------
D*)
nrecord Ax : Type[1] β {
- S :> setoid;
+ S :> Type[0];
I : S β Type[0];
- C : βa:S. I a β Ξ© ^ S
+ C : βa:S. I a β Ξ©^S
}.
(*D
D*)
ninductive cover (A : Ax) (U : Ξ©^A) : A β CProp[0] β
-| creflexivity : βa. a β U β cover ? U a
-| cinfinity : βa. βi. π a i β U β cover ? U a.
+| creflexivity : βa. a β U β cover A U a
+| cinfinity : βa. βi. π a i β U β cover A U a.
(** screenshot "cover". *)
napply cover;
nqed.
(P: Ξ©^A) (H1: P β U)
(H2: βa:A. a β P β βj: π a. π a j β¬ P): βa:A. βp: a β P. a β U β ?.
(** screenshot "def-fish-rec-1". *)
-#a; #p; napply cfish; (** screenshot "def-fish-rec-2". *)
+#a; #a_in_P; napply cfish; (** screenshot "def-fish-rec-2". *)
##[ nchange in H1 with (βb.bβP β bβU); (** screenshot "def-fish-rec-2-1". *)
napply H1; (** screenshot "def-fish-rec-3". *)
nassumption;
-##| #i; ncases (H2 a p i); (** screenshot "def-fish-rec-5". *)
+##| #i; ncases (H2 a a_in_P i); (** screenshot "def-fish-rec-5". *)
#x; *; #xC; #xP; (** screenshot "def-fish-rec-5-1". *)
@; (** screenshot "def-fish-rec-6". *)
##[ napply x
D*)
-nrecord nAx : Type[2] β {
- nS:> setoid;
+nrecord nAx : Type[1] β {
+ nS:> Type[0];
nI: nS β Type[0];
nD: βa:nS. nI a β Type[0];
nd: βa:nS. βi:nI a. nD a i β nS
D*)
+include "logic/equality.ma".
+
ndefinition image β Ξ»A:nAx.Ξ»a:A.Ξ»i. { x | βj:π a i. x = π a i j }.
notation > "ππ¦ [π term 90 a term 90 i]" non associative with precedence 70 for @{ 'Im $a $i }.
##]
nqed.
+nlemma Ax_nAx_equiv :
+ βA:Ax. βa,i. C (Ax_of_nAx (nAx_of_Ax A)) a i β C A a i β§
+ C A a i β C (Ax_of_nAx (nAx_of_Ax A)) a i.
+#A; #a; #i; @; #b; #H;
+##[ ncases A in a i b H; #S; #I; #C; #a; #i; #b; #H;
+ nwhd in H; ncases H; #x; #E; nrewrite > E;
+ ncases x in E; #b; #Hb; #_; nnormalize; nassumption;
+##| ncases A in a i b H; #S; #I; #C; #a; #i; #b; #H; @;
+ ##[ @ b; nassumption;
+ ##| nnormalize; @; ##]
+##]
+nqed.
+
(*D
We then define the inductive type of ordinals, parametrized over an axiom
D*)
-ndefinition ord_coverage : βA:nAx.βU:Ξ©^A.Ξ©^A β Ξ»A,U.{ y | βx:Ord A. y β famU ? U x }.
+ndefinition ord_coverage : βA:nAx.βU:Ξ©^A.Ξ©^A β
+ Ξ»A,U.{ y | βx:Ord A. y β famU ? U x }.
ndefinition ord_cover_set β Ξ»c:βA:nAx.Ξ©^A β Ξ©^A.Ξ»A,C,U.
βy.y β C β y β c A U.
D*)
+nlemma AC_fake : βA,a,i,U.
+ (βj:π a i.Ξ£x:Ord A.π a i j β Uβ½x) β (Ξ£f.βj:π a i.π a i j β Uβ½(f j)).
+#A; #a; #i; #U; #H; @;
+##[ #j; ncases (H j); #x; #_; napply x;
+##| #j; ncases (H j); #x; #Hx; napply Hx; ##]
+nqed.
+
naxiom AC : βA,a,i,U.
(βj:π a i.βx:Ord A.π a i j β Uβ½x) β (Ξ£f.βj:π a i.π a i j β Uβ½(f j)).
D*)
+alias symbol "exists" (instance 1) = "exists".
+alias symbol "covers" = "new covers set".
+alias symbol "covers" = "new covers".
+alias symbol "covers" = "new covers set".
+alias symbol "covers" = "new covers".
alias symbol "covers" = "new covers set".
+alias symbol "covers" = "new covers".
ntheorem new_coverage_infinity:
βA:nAx.βU:Ξ©^A.βa:A. (βi:π a. ππ¦[π a i] β U) β a β U.
#A; #U; #a; (** screenshot "n-cov-inf-1". *)
*; #i; #H; nnormalize in H; (** screenshot "n-cov-inf-2". *)
ncut (βy:π a i.βx:Ord A.π a i y β Uβ½x); ##[ (** screenshot "n-cov-inf-3". *)
- #z; napply H; @ z; napply #; ##] #H'; (** screenshot "n-cov-inf-4". *)
+ #z; napply H; @ z; @; ##] #H'; (** screenshot "n-cov-inf-4". *)
ncases (AC β¦ H'); #f; #Hf; (** screenshot "n-cov-inf-5". *)
ncut (βj.π a i j β Uβ½(Ξ f));
##[ #j; napply (ord_subset β¦ f β¦ (Hf j));##] #Hf';(** screenshot "n-cov-inf-6". *)
@ (Ξ f+1); (** screenshot "n-cov-inf-7". *)
@2; (** screenshot "n-cov-inf-8". *)
@i; #x; *; #d; #Hd; (** screenshot "n-cov-inf-9". *)
-napply (U_x_is_ext β¦ Hd); napply Hf';
+nrewrite > Hd; napply Hf';
nqed.
(*D
D[n-cov-inf-3]
After introducing `z`, `H` can be applied (choosing `π a i z` as `y`).
What is the left to prove is that `βj: π a j. π a i z = π a i j`, that
-becomes trivial if `j` is chosen to be `z`. In the command `napply #`,
-the `#` is a standard notation for the reflexivity property of the equality.
+becomes trivial if `j` is chosen to be `z`.
D[n-cov-inf-4]
Under `H'` the axiom of choice `AC` can be eliminated, obtaining the `f` and
*; #o; (** screenshot "n-cov-min-3". *)
ngeneralize in match b; nchange with (Uβ½o β V); (** screenshot "n-cov-min-4". *)
nelim o; (** screenshot "n-cov-min-5". *)
-##[ #b; #bU0; napply HUV; napply bU0;
+##[ napply HUV;
##| #p; #IH; napply subseteq_union_l; ##[ nassumption; ##]
#x; *; #i; #H; napply (Im ? i); napply (subseteq_trans β¦ IH); napply H;
##| #a; #i; #f; #IH; #x; *; #d; napply IH; ##]
D*)
naxiom AC_dual: βA:nAx.βa:A.βi,F.
- (βf:π a i β Ord A.βx:π a i.π a i x β Fβ½(f x)) β βj:π a i.βx:Ord A.π a i j β Fβ½x.
+ (βf:π a i β Ord A.βx:π a i.π a i x β Fβ½(f x))
+ β βj:π a i.βx:Ord A.π a i j β Fβ½x.
(*D
D*)
ntheorem max_new_fished:
- βA:nAx.βG:π^A.βF:Ξ©^A.G β F β (βa.a β G β βi.ππ¦[π a i] β¬ G) β G β βF.
+ βA:nAx.βG:Ξ©^A.βF:Ξ©^A.G β F β (βa.a β G β βi.ππ¦[π a i] β¬ G) β G β βF.
#A; #G; #F; #GF; #H; #b; #HbG; #o;
ngeneralize in match HbG; ngeneralize in match b;
nchange with (G β Fβ½o);
##[ napply GF;
##| #p; #IH; napply (subseteq_intersection_r β¦ IH);
#x; #Hx; #i; ncases (H β¦ Hx i); #c; *; *; #d; #Ed; #cG;
- @d; napply IH; (** screenshot "n-f-max-1". *)
- alias symbol "prop2" = "prop21".
- napply (. Ed^-1β‘#); napply cG;
+ @d; napply IH; (** screenshot "n-f-max-1". *)
+ nrewrite < Ed; napply cG;
##| #a; #i; #f; #Hf; nchange with (G β { y | βx. y β Fβ½(f x) });
#b; #Hb; #d; napply (Hf d); napply Hb;
##]
The `:` separator has to be read as _is a proof of_, in the spirit
of the Curry-Howard isomorphism.
- Ξ β’ f : A1 β β¦ β An β B Ξ β’ ?1 : A1 β¦ ?n : An
+ Ξ β’ f : A_1 β β¦ β A_n β B Ξ β’ ?_i : A_i
napply f; βΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌ
- Ξ β’ (f ?1 β¦ ?n ) : B
+ Ξ β’ (f ?_1 β¦ ?_n ) : B
Ξ β’ ? : F β B Ξ β’ f : F
nlapply f; βΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌβΌ
projects / helm.git / blobdiff