[Agda] Re: [Coq-Club] Positivity condition and nested recursion

Andreas Abel andreas.abel at ifi.lmu.de
Tue May 15 09:30:42 CEST 2012 

Hello Robert,

MiniAgda also accepts your definition:

data Nat
{ zero
; suc (pred : Nat)
}

data Lt : Nat -> Nat -> Set
{ ltZ (   y : Nat)              : Lt zero    (suc y)
; ltS (x, y : Nat)(lt : Lt x y) : Lt (suc x) (suc y)
}

data List ++(A : Set)
{ nil
; cons (head : A) (tail : List A)
}

fun length : [A : Set] -> List A -> Nat
{ length A nil         = zero
; length A (cons a as) = suc (length A as)
}

data Val
{ vnat   (nat : Nat)
; varray (list : List Val) (nonEmpty : Lt zero (length Val list))
}

In fact, it is not difficult to see this.  One just needs the right 
concepts. ;-)

The length function is constant in the type argument A, this is 
indicated by the [A : Set] notation (as opposed to (A : Set)).  To check 
that Val is a valid inductive type, you need to check for varray that

1) List is strictly positive in its first argument.
    Yes, we have List : ++Set -> Set.

2) Lt zero (length _ list)  is strictly positive in _.
    Yes, because length is constant in _.

That's it!

I think Agda does essentially the same, only that it is inferred 
automagically, as opposed to just checking as in MiniAgda.

Cheers,
Andreas

On 10.05.12 1:23 AM, Robbert Krebbers wrote:
> Hello Cédric and Stéphane,
>
> thanks for the answers!
>
> On 05/09/2012 04:19 PM, AUGER Cédric wrote:
>> Do you not see why the strict positivity condition does not hold, or do
>> you not see why the strict positivity condition is not fit to allow what
>> you wrote and should be refined to allow it ?
>
> Initially both. But after Stéphane's answer, I was clear that the
> definition in the reference manual disallows it due to the implicit
> argument of length.
>
>> For the second point, things are less obvious, and I know there are
>> cases where it could be allowed without breaking consistency.
>
> Russell O’Connor's example at #coq
>
> Inductive val : Type := bad : ((fun X : Type => X -> X) val) -> val
>
> clearly showed me why functions in constructor arguments are unsafe in
> general.
>
> However, Agda allows my definition! But apparently it is non-trivial to
> type check, see [1].
>
> Robbert
>
> [1] https://lists.chalmers.se/pipermail/agda/2012/003992.html
>

-- 
Andreas Abel  <><      Du bist der geliebte Mensch.

Theoretical Computer Science, University of Munich
Oettingenstr. 67, D-80538 Munich, GERMANY

andreas.abel at ifi.lmu.de
http://www2.tcs.ifi.lmu.de/~abel/

More information about the Agda mailing list