{-# OPTIONS --prop #-}
module Readme where
-- We will use String as propositional variables
open import Agda.Builtin.String using (String)
open import ListUtil
open import PropUtil
-- We can use the basic propositional logic
open import PropositionalLogic String
-- Here is an example of a propositional formula and its proof
-- The formula is (Q → R) → (P → Q) → P → R
d-C : [] ⊢ ((Var "Q") ⇒ (Var "R")) ⇒ ((Var "P") ⇒ (Var "Q")) ⇒ (Var "P") ⇒ (Var "R")
d-C = lam (lam (lam (app (zero $ next∈ $ next∈ zero∈) (app (zero $ next∈ zero∈) (zero zero∈)))))
-- We can with the basic interpretation ⟦_⟧ prove that some formulæ are not provable
-- For example, we can disprove (P → Q) → P 's provability as we can construct an
-- environnement where the statement doesn't hold
ρ₀ : Env
ρ₀ "P" = ⊥
ρ₀ "Q" = ⊤
ρ₀ _ = ⊥
cex-d : ([] ⊢ (((Var "P") ⇒ (Var "Q")) ⇒ (Var "P"))) → ⊥
cex-d h = ⟦ h ⟧ᵈ {ρ₀} tt λ x → tt
-- But this is not enough to show the non-provability of every non-provable statement.
-- Let's take as an example Pierce formula : ((P → Q) → P) → P
-- This statement is equivalent to the law of excluded middle (Tertium Non Datur)
-- We show that fact in Agda's proposition system
Pierce = {P Q : Prop} → ((P → Q) → P) → P
TND : Prop → Prop
TND P = P ∨ (¬ P)
-- Lemma: The double negation of the TND is always true
-- (You cannot show that having neither a proposition nor its negation is impossible
nnTND : {P : Prop} → ¬ (¬ (P ∨ ¬ P))
nnTND ntnd = ntnd (inj₂ λ p → ntnd (inj₁ p))
P→TND : Pierce → {P : Prop} → TND P
P→TND pierce {P} = pierce {TND P} {⊥} (λ p → case⊥ (nnTND p))
TND→P : ({P : Prop} → TND P) → Pierce
TND→P tnd {P} {Q} pqp = dis (tnd {P}) (λ p → p) (λ np → pqp (λ p → case⊥ (np p)))
-- So we have to use a model that is more powerful : Kripke models
-- With those models, one can describe a frame in which the pierce formula doesn't hold
-- As we have that any proven formula is *true* in a kripke model, this shows
-- that the Pierce formula cannot be proven
-- We import the general definition of Kripke models
open import PropositionalKripke String
-- We will now create a specific Kripke model in which Pierce formula doesn't hold
module PierceDisproof where
module PierceWorld where
data Worlds : Set where
w₁ w₂ : Worlds
data _≤_ : Worlds → Worlds → Prop where
w₁₁ : w₁ ≤ w₁
w₁₂ : w₁ ≤ w₂
w₂₂ : w₂ ≤ w₂
data _⊩_ : Worlds → String → Prop where
w₂A : w₂ ⊩ "A"
refl≤ : {w : Worlds} → w ≤ w
refl≤ {w₁} = w₁₁
refl≤ {w₂} = w₂₂
tran≤ : {w w' w'' : Worlds} → w ≤ w' → w' ≤ w'' → w ≤ w''
tran≤ w₁₁ z = z
tran≤ w₁₂ w₂₂ = w₁₂
tran≤ w₂₂ w₂₂ = w₂₂
mon⊩ : {a b : Worlds} → a ≤ b → {p : String} → a ⊩ p → b ⊩ p
mon⊩ w₂₂ w₂A = w₂A
PierceW : Kripke
PierceW = record {PierceWorld}
open Kripke PierceW
open PierceWorld using (w₁ ; w₂ ; w₁₁ ; w₁₂ ; w₂₂ ; w₂A)
-- Now we can write the «instance» of the Pierce formula which doesn't hold in our world
PierceF : Form
PierceF = (((Var "A" ⇒ Var "B") ⇒ Var "A") ⇒ Var "A")
-- Now we show that it does not hold in w₁ but holds in w₂
Pierce⊥w₁ : ¬(w₁ ⊩ᶠ PierceF)
Pierce⊤w₂ : w₂ ⊩ᶠ PierceF
-- A does not hold in w₁
NotAw₁ : ¬(w₁ ⊩ᶠ (Var "A"))
NotAw₁ ()
-- B does not hold in w₂ while A holds
NotBw₂ : ¬(w₂ ⊩ᶠ (Var "B"))
NotBw₂ ()
-- Therefore, (A → B) does not hold in w₁
NotABw₁ : ¬(w₁ ⊩ᶠ (Var "A" ⇒ Var "B"))
NotABw₁ h = NotBw₂ (h w₁₂ w₂A)
-- So the hypothesis of the pierce formula does hold in w₁
-- as its premice does not hold in w₁ and its conclusion does hold in w₂
PierceHypw₁ : w₁ ⊩ᶠ ((Var "A" ⇒ Var "B") ⇒ Var "A")
PierceHypw₁ w₁₁ x = case⊥ (NotABw₁ x)
PierceHypw₁ w₁₂ x = w₂A
-- So, as the conclusion of the pierce formula does not hold in w₁, the pierce formula doesn't hold.
Pierce⊥w₁ h = case⊥ (NotAw₁ (h w₁₁ PierceHypw₁))
-- Finally, the formula holds in w₂ as its conclusion is true
Pierce⊤w₂ w₂₂ h₂ = w₂A
-- So, if pierce formula would be provable, it would hold in w₁, which it doesn't
-- therefore it is not provable CQFD
PierceNotProvable : ¬([] ⊢ PierceF)
PierceNotProvable h = Pierce⊥w₁ (⟦ h ⟧ {w₁} tt)
module CompletenessAndNormalization where
-- With Kripke models, we can even prove completeness
-- Using the Universal Kripke Model
completenessQuote = CompletenessProof.⊩ᶠ→⊢
completenessUnquote = CompletenessProof.⊢→⊩ᶠ
-- With a slightly different universal model (using normal and neutral forms),
-- we can make a normalization proof
normalizationQuote = NormalizationProof.⊩ᶠ→⊢
normalizationUnquote = NormalizationProof.⊢→⊩ᶠ
-- This normalization proof has been made in the biggest Kripke model possible
-- that is, the one using the relation ⊢⁰⁺
-- But we can also prove it with tighter relations: ∈*, ⊂⁺, ⊂, ⊆
-- As all those proofs are really similar, we created a NormalizationFrame structure
-- that computes most of the proof with only a few lemmas
open import PropositionalKripkeGeneral String
-- We now have access to quote and unquote functions with this
u1 = NormalizationFrame.u NormalizationTests.Frame⊢
q1 = NormalizationFrame.q NormalizationTests.Frame⊢
u2 = NormalizationFrame.u NormalizationTests.Frame⊢⁰
q2 = NormalizationFrame.q NormalizationTests.Frame⊢⁰
u3 = NormalizationFrame.u NormalizationTests.Frame∈*
q3 = NormalizationFrame.q NormalizationTests.Frame∈*
u4 = NormalizationFrame.u NormalizationTests.Frame⊂⁺
q4 = NormalizationFrame.q NormalizationTests.Frame⊂⁺
u5 = NormalizationFrame.u NormalizationTests.Frame⊂
q5 = NormalizationFrame.q NormalizationTests.Frame⊂
u6 = NormalizationFrame.u NormalizationTests.Frame⊆
q6 = NormalizationFrame.q NormalizationTests.Frame⊆