Interactive Theorem Proving in Lean

Compact course
Heidelberg Graduate School
Mathematical and Computational Methods for the Sciences

Florent Schaffhauser
Heidelberg University

Outline of the lectures

• Lecture 1: An introduction to Lean
• Lecture 2: Tactics
• Lecture 3: Dependent types
• Lecture 4: Algebraic structures

Recap from Lecture 3

• Besides simply-typed functions, we can define type formers, polymorphic functions and type families.
• From a type family F : X → Type, we define an associated -type (the type of dependent pairs (x : X) × (F x)) and an associated -type (the type of dependent functions (x : X) → F x).
• Given a predicate P : X → Prop, the proposition ∃ x : X, P x is the proposition whose proofs are constructed using dependent pairs (x : X) × (P x). And a proof of the proposition ∀ x : X, P x is a dependent function (x : X) → P x.
• In this lecture, we will see how to formalize basic algebraic structures.

Lecture 4 - Algebraic structures

1. Semigroups
2. Monoids
3. Group project (pun intended)

Practice files

In this lecture, we explore basic algebraic stuctures. The group project will be conducted in that direction. If you prefer to work on a different topic, here are two suggestions:

• The exercises from the logic file (Lecture 2).
• The advanced tactics file (Lecture 3).

Logic Advanced tactics

Semigroups

For convenience, we call a curried function of signature M → M → M an operation on M.

def Op (M : Type) : Type := M → M → M

• We want to think of semigroups as dependent tuples consisting of a type M and an operation μ : Op M, such that μ is associative.
• From the type-theoretic point of view, this can be viewed as a dependent triple ⟨M, μ, p⟩ where p is a proof that μ is associative, meaning that p is a term of type
  ∀ x y z : M, μ (μ x y) z = μ x (μ y z).
• The point of having the associativity property of μ be a proposition is to guarantee that we can identify ⟨M, μ, p⟩ and ⟨M, μ, p'⟩ whenever p and p' are both proofs of the associativity property of μ.

The type of semigroups

We choose to define the proposition IsSemigroup M μ as a structure (which, we recall, is essentially an inductive type with only one constructor). At this stage, it would also be possible to declare it as a Prop-valued function instead (using the keyword def).

structure IsSemigroup (M : Type) (μ : Op M) : Prop where
  assoc : ∀ x y z : M, μ (μ x y) z = μ x (μ y z)

Technically, we are defining the type of semigroups as a -type, namely:

where Magma := (M : Type) × Op M is itself a -type. For our purposes in this lecture, we only need the predicate IsSemigroup, not the type Semigroup.

Constructing semigroups

How do we show that is a semigroup? By definition, we have to prove the associativity property of Nat.add : Nat → Nat → Nat. This is done as follows.

def isSemigroupNatAdd : IsSemigroup Nat (· + ·) where
  assoc := Nat.add_assoc  -- found by `exact?`

• Using the keyword where actually helps here (compared to using :=).
• Note that we can use (· + ·) as notation for Nat.add, which is quite nice from the point of view of mathematical notation.
• In the group project, you will show similarly that is a semigroup.

Extending structures

Let us define monoids as semigroups that admit a neutral element. We can do that by extending the IsSemigroup structure (this would not be possible if we had passed IsSemigroup as a Prop-valued function).

structure IsMonoid (M : Type) (μ : Op M) extends (IsSemigroup M μ : Prop) : Prop where
  neutral : ∃ (e : M), ∀ x : M, (μ e x = x) ∧ (μ x e = x)

In the project, you will be asked to prove the following:

def isMonoidNatAdd : IsMonoid Nat (· + ·) where
  assoc   := by
    sorry
  neutral := by
    sorry

Functions created automatically from a structure

From the IsSemigroup structure, we get a projection map to the assoc field of the structure.

#check @IsSemigroup.assoc  -- @IsSemigroup.assoc : ∀ {M : Type} {μ : Op M}, 
  IsSemigroup M μ → ∀ (x y z : M), μ (μ x y) z = μ x (μ y z)

#check isSemigroupNatAdd.assoc  -- isSemigroupNatAdd.assoc : ∀ (x y z : Nat), x + y + z = x + (y + z)

Similarly, from the IsMonoid structure, we get a projection IsMonoid.neutral. But we also get a map to IsSemigroup, which formalises the fact that (by definition) if ⟨M, μ⟩ is a monoid, then it is a semigroup.

#check IsMonoid.toIsSemigroup  -- @IsMonoid.toIsSemigroup : ∀ {M : Type u_1} {μ : Op M}, 
  IsMonoid M μ → IsSemigroup M μ

Subtypes

• We could have defined the predicate IsMonoid on triples ⟨M, μ, e⟩ where M is a type, μ is an operation on M and eis an element M. The advantage is that this gives access to the neutral element e of M.
• But the disadvantage is that the type of monoids is no longer immediately seen to be a subtype of the type of semigroups (because of the extra piece of data e : M).
• The take-away is that, in order to formalise mathematical definitions, you have to make design choices, and these may influence your proofs afterwards.

Property versus data

• In general, it is good hygiene to separate property from data (similar to command vs. query in other progamming languages). We can also make the case that we should not have included the existential quantifier in the definition of a monoid: the predicate should be IsMonoid M μ e (otherwise it is not clear whether we can extract an explicit neutral element).
• However, in this specific case, the two approaches are equivalent because, as we know, if there exists an element e : M with the property that ∀ x : M, (μ e x = x) ∧ (μ x e = x), then this element is unique...
• In the project, you will be asked to show this and to try to actually construct a function that sends a monoid to its neutral element.

Group project

In the project file, you will be asked to:

1. State and prove a theorem that says that, if ⟨M, μ⟩ is a semigroup that admits a neutral element, then such an element is unique.
2. Formalise the definition of a group as a subtype of the type of monoids.
3. Prove that ⟨ℤ, (· + ·)⟩ is a group.
4. Extend the former definitions to the commutative case and prove that ⟨ℤ, (· + ·)⟩ is a commutative group.

Feedback on the workshop

Before we start working on the project files, I would like to ask for 5 minutes of your time, to give feedback on the workshop if you have not done it yet:

Online survey

Thanks!

Project files

Here are two project topics for you to work on:

• A project on the definition of a group.
• A more advanced project on inner automorphisms of the general linear group.

Group project Inner automorphisms