Agda (theorem prover)

Agda is a dependently typed functional programming language originally developed by Ulf Norell at Chalmers University of Technology with implementation described in his PhD thesis. The original Agda system was developed at Chalmers by Catarina Coquand in 1999. The current version, originally named Agda 2, is a full rewrite, which should be considered a new language that shares a name and tradition.

Agda is also a proof assistant based on the ''propositions-as-types'' paradigm (Curry–Howard correspondence), but unlike Rocq, has no separate ''tactics'' language, and proofs are written in a functional programming style. The language has ordinary programming constructs such as data types, pattern matching, records, let expressions and modules, and a Haskell-like syntax. The system has Emacs, Atom, and VS Code interfaces but can also be run in batch processing mode from a command-line interface.

Agda is based on Zhaohui Luo's unified theory of dependent types (UTT), a type theory similar to Martin-Löf type theory.

Agda is named after the Swedish song "Hönan Agda", written by Cornelis Vreeswijk, which is about a hen named Agda. This alludes to the name of the theorem prover Coq, which was named after Thierry Coquand.

Features

Inductive types

The main way of defining data types in Agda is via inductive data types which are similar to algebraic data types in non-dependently typed programming languages.

Here is a definition of Peano numbers in Agda:

data ℕ : Set where
zero : ℕ
suc : ℕ → ℕ

Basically, it means that there are two ways to construct a value of type $\mathbb$, representing a natural number. To begin, zero is a natural number, and if n is a natural number, then suc n, standing for the successor of n, is a natural number too.

Here is a definition of the "less than or equal" relation between two natural numbers:

data _≤_ : ℕ → ℕ → Set where
z≤n : → zero ≤ n
s≤s : → n ≤ m → suc n ≤ suc m

The first constructor, z≤n, corresponds to the axiom that zero is less than or equal to any natural number. The second constructor, s≤s, corresponds to an inference rule, allowing to turn a proof of n ≤ m into a proof of suc n ≤ suc m. So the value s≤s (z≤n ) is a proof that one (the successor of zero), is less than or equal to two (the successor of one). The parameters provided in curly brackets may be omitted if they can be inferred.

Dependently typed pattern matching

In core type theory, induction and recursion principles are used to prove theorems about inductive types. In Agda, dependently typed pattern matching is used instead. For example, natural number addition can be defined like this:

add zero n = n
add (suc m) n = suc (add m n)

This way of writing recursive functions/inductive proofs is more natural than applying raw induction principles. In Agda, dependently typed pattern matching is a primitive of the language; the core language lacks the induction/recursion principles that pattern matching translates to.

Metavariables

One of the distinctive features of Agda, when compared with other similar systems such as Coq, is heavy reliance on metavariables for program construction. For example, one can write functions like this in Agda:

add : ℕ → ℕ → ℕ
add x y = ?

? here is a metavariable. When interacting with the system in Emacs mode, it will show the user the expected type and allow them to refine the metavariable, i.e., to replace it with more detailed code. This feature allows incremental program construction in a way similar to tactics-based proof assistants such as Coq.

Proof automation

Programming in pure type theory involves a lot of tedious and repetitive proofs. Although Agda has no separate tactics language, it is possible to program useful tactics within Agda. Typically, this works by writing an Agda function that optionally returns a proof of some property of interest. A tactic is then constructed by running this function at type-checking time, for example using the following auxiliary definitions:

data Maybe (A : Set) : Set where
Just : A → Maybe A
Nothing : Maybe A

data isJust : Maybe A → Set where
auto : ∀ → isJust (Just x)

Tactic : ∀ (x : Maybe A) → isJust x → A
Tactic Nothing ()
Tactic (Just x) auto = x

(The pattern (), called ''absurd'', matches if the type checker finds that its type is uninhabited, i.e. proves that it stands for a false proposition, typically because all possible constructors have arguments that are unavailable, i.e. they have unsatisfiable premisses. Here no value of type isJust A can be constructed because, in that context, no value of type A exists to which we could apply the constructor Just. The right hand side is omitted from any equation that contains absurd patterns.) Given a function check-even : (n : $\mathbb$) → Maybe (Even n) that inputs a number and optionally returns a proof of its evenness, a tactic can then be constructed as follows:

check-even-tactic : → isJust (check-even n) → Even n
check-even-tactic = Tactic (check-even n)

lemma0 : Even zero
lemma0 = check-even-tactic auto

lemma2 : Even (suc (suc zero))
lemma2 = check-even-tactic auto

The actual proof of each lemma will be automatically constructed at type-checking time. If the tactic fails, type-checking will fail.

Further, to write more complex tactics, Agda supports automation via reflective programming (reflection). The reflection mechanism allows quoting program fragments into, or unquoting them from, the abstract syntax tree. The way reflection is used is similar to the way Template Haskell works.

Another mechanism for proof automation is proof search action in Emacs mode. It enumerates possible proof terms (limited to 5 seconds), and if one of the terms fits the specification, it will be put in the meta variable where the action is invoked. This action accepts hints, e.g., which theorems and from which modules can be used, whether the action can use pattern matching, etc.

Termination checking

Agda is a total functional programming language, i.e., each program in it must terminate and all possible patterns must be matched. Without this feature, the logic behind the language becomes inconsistent, and it becomes possible to prove arbitrary statements. For termination checking, Agda uses the approach of the Foetus termination checker.Abel, Andreas. "foetus – Termination checker for simple functional programs." ''Programming Lab Report'' 474 (1998)

/ref>

Standard library

Agda has an extensive de facto standard library, which includes many useful definitions and theorems about basic data structures, such as natural numbers, lists, and vectors. The library is in beta, and is under active development.

Unicode

One of the more notable features of Agda is a heavy reliance on Unicode in program source code. The standard Emacs mode uses shortcuts for input, such as \Sigma for Σ.

Backends

There are two compiler backends, MAlonzo for Haskell and one for JavaScript.

See also

* List of proof assistants

References

Further reading

*
*

External links

*

Introduction to Agda
a five-part YouTube playlist by Daniel Peebles

Brutal Introduction to Dependent Types in Agda


* ttps://www.youtube.com/playlist?list=PLtIZ5qxwSNnzpNqfXzJjlHI9yCAzRzKtx HoTTEST Summer School 2022 66 lectures on Homotopy Type Theory, including many introductory lectures and exercises on Agda

{{Chalmers University of Technology

Programming languages
Dependently typed languages
Functional languages
Pattern matching programming languages
Academic programming languages
Statically typed programming languages
Proof assistants
Free software programmed in Haskell
Haskell programming language family
Cross-platform free software
Free and open source compilers
Chalmers University of Technology
Programming languages created in 2007
2007 software

Articles with example Haskell code