# Interactive Theorem Proving¶

Idris supports interactive theorem proving via elaborator reflection.

:ref:’elaborator-reflection’ is also used to convert high-level Idris code into the core language and for customising the language. Here we show how to use it to interactively construct proofs.

The primary purpose of the elaboration mechanism is to elaborate Idris and so it is not optimised to work as a proof assistant, however it can interactively construct proofs as described on this page.

## Elab and Pruviloj Libraries¶

Elaborator reflection is defined in prelude/Language/Reflection/Elab.idr and pruviloj is defined in Idris-dev/libs/pruviloj/

`Elab`

defines the basics such as: solve, attack, intro, compute,
rewriteWith and others.
`pruviloj`

defines some more advanced derived commands such as:
reflexivity and others.

To use `pruviloj`

call Idris with the “-p pruviloj” option and add:

```
import Pruviloj
import Pruviloj.Induction
```

to the top of your file.

It is useful to get the docs at the REPL by using the `:doc`

command, and
search the docstrings using `:apropos`

. So to introduce the functions from
Elab and Pruviloj, that we will need for the following example, here are
their docstrings:

```
*plusReducesZ> :doc solve
Language.Reflection.Elab.Tactics.solve : Elab ()
Substitute a guess into a hole.
```

```
*plusReducesZ> :doc attack
Language.Reflection.Elab.Tactics.attack : Elab ()
Convert a hole to make it suitable for bindings - that is, transform
it such that it has the form ?h : t . h as opposed to ?h : t . f h.
The binding tactics require that a hole be directly under its binding,
or else the scopes of the generated terms won't make sense. This
tactic creates a new hole of the proper form, and points the old hole
at it.
```

```
*plusReducesZ> :doc intro
Language.Reflection.Elab.Tactics.intro : (n : TTName) -> Elab ()
Introduce a lambda binding around the current hole and focus on the
body. Requires that the hole be in binding form (use attack).
Arguments:
n : TTName -- the name to use for the argument
```

```
*plusReducesZ> :doc compute
Language.Reflection.Elab.Tactics.compute : Elab ()
Normalise the goal.
```

```
*plusReducesZ> :doc rewriteWith
Language.Reflection.Elab.Tactics.rewriteWith : Raw -> Elab ()
Attempt to rewrite the goal using an equality.
The tactic searches the goal for applicable subterms, and constructs a
context for replace using them. In some cases, this is not possible,
and replace must be called manually with an appropriate context.
Because this tactic internally introduces a let binding, it requires
that the hole be immediately under its binder (use attack if it might
not be).
```

Here is the command from pruviloj that we will need for the example on this page:

```
*plusReducesZ> :doc reflexivity
Pruviloj.Core.reflexivity : Elab ()
A special-purpose tactic that attempts to solve a goal using Refl.
This is useful for ensuring that goals in fact are trivial when
developing or testing other tactics; otherwise, consider using search.
```

## Interactive Example: plusReduces¶

One way to write proofs interactively is to write the general *structure* of
the proof, and use the interactive mode to complete the details.
Consider the following definition, proved in Theorem Proving:

```
plusReduces : (n:Nat) -> plus Z n = n
```

We’ll be constructing the proof by *induction*, so we write the cases for `Z`

and `S`

, with a recursive call in the `S`

case giving the inductive
hypothesis, and insert *holes* for the rest of the definition:

```
import Pruviloj
import Pruviloj.Induction
plusReducesZ' : (n:Nat) -> n = plus n Z
plusReducesZ' Z = ?plusredZ_Z
plusReducesZ' (S k) = let ih = plusReducesZ' k in
?plusredZ_S
```

On running , two global names are created, `plusredZ_Z`

and
`plusredZ_S`

, with no definition.

```
*theorems> : idris plusReducesZ.idr -p pruviloj
. / _/___/ /____(_)____
/ // __ / ___/ / ___/ Version 1.2.0
_/ // /_/ / / / (__ ) http://www.idris-lang.org/
/___/\__,_/_/ /_/____/ Type :? for help
Idris is free software with ABSOLUTELY NO WARRANTY.
For details type :warranty.
Holes: Main.plusredZ_S, Main.plusredZ_Z
```

This tells us that we have two holes Main.plusredZ_S and Main.plusredZ_Z. We can solve
these separately, `plusredZ_Z`

is the simplest so we will do that first.

The `:elab plusredZ_Z`

command enters interactive elaboration mode, which can be used to
complete the missing definition for plusredZ_Z.

```
*plusReducesZ> :elab plusredZ_Z
---------- Goal: ----------
{hole_0} : 0 = 0
```

This has been normalised to `0 = 0`

so now we have to prove that `0`

equals `0`

, which
is easy to prove by reflexivity from the pruviloj library:

This tells us that the proof is complete. We can now leave the interactive mode which
we entered with the `:elab`

command. We do this with the `:qed`

command:

```
-Main.plusredZ_Z> :qed
Proof completed!
Main.plusredZ_Z = %runElab (do reflexivity)
Holes: Main.plusredZ_S
```

This gives us a trace of the proof which is `plusredZ_Z = %runElab (do reflexivity)`

. We
can cut & paste this into the hole in the original file. This also tells us that we
have another hole `Main.plusredZ_S`

remaining.

This remaining proof is bit more complicated, the following diagram gives an overview:

We approach this remaining proof in the same way by using the `:elab`

command:

```
*plusReducesZ> :elab plusredZ_S
---------- Goal: ----------
{hole_0} : (k : Nat) -> (k = plus k 0) -> S k = S (plus k 0)
```

In this case, the goal is a function type, using `k`

(the argument
accessible by pattern matching) and `ih`

— the local variable
containing the result of the recursive call. We can introduce these as
assumptions using the `intro`

tactic twice. The parameter is entered as
a constant of type `TTName`

which is entered as a backtick with double
braces `{{ih}}. This gives:

```
-Main.plusredZ_S> intro `{{k}}
---------- Assumptions: ----------
k : Nat
---------- Goal: ----------
{hole_0} : (k = plus k 0) -> S k = S (plus k 0)
-Main.plusredZ_S> intro `{{ih}}
---------- Assumptions: ----------
k : Nat
ih : k = plus k 0
---------- Goal: ----------
{hole_0} : S k = S (plus k 0)
```

We know, from the type of `ih`

, that `k = plus k 0`

, so we would
like to use this knowledge to replace `plus k 0`

in the goal with
`k`

. We can achieve this with the `rewriteWith`

tactic:

```
-Main.plusredZ_S> rewriteWith (Var `{{ih}})
---------- Assumptions: ----------
k : Nat
ih : k = plus k 0
---------- Goal: ----------
{hole_0} : S k = S k
```

The `rewriteWith`

tactic takes an equality proof as an argument, and tries
to rewrite the goal using that proof. The ih value is entered as a constant
of type `TTName`

which is entered as a backtick with double braces {{ih}} but
``rewriteWith` requires an expression of type `Raw`

, rather than just a name,
so the Var constructor is used to make a variable. Here, it results in an equality
which is trivially provable using reflexivity:

```
-Main.plusredZ_S> reflexivity
plusredZ_S: No more goals.
-Main.plusredZ_S> :qed
Proof completed!
Main.plusredZ_S = %runElab (do intro `{{k}}
intro `{{ih}}
compute
rewriteWith (Var `{{ih}})
reflexivity)
```

Again, we can cut & paste this into the hole in the original file.