Release notes for Agda 2 version 2.2.8
======================================

Language
--------

* Record pattern matching.

  It is now possible to pattern match on named record constructors.
  Example:

  ```agda
  record Σ (A : Set) (B : A → Set) : Set where
    constructor _,_
    field
      proj₁ : A
      proj₂ : B proj₁

  map : {A B : Set} {P : A → Set} {Q : B → Set}
        (f : A → B) → (∀ {x} → P x → Q (f x)) →
        Σ A P → Σ B Q
  map f g (x , y) = (f x , g y)
  ```

  The clause above is internally translated into the following one:

  ```agda
  map f g p = (f (Σ.proj₁ p) , g (Σ.proj₂ p))
  ```

  Record patterns containing data type patterns are not translated.
  Example:

  ```agda
  add : ℕ × ℕ → ℕ
  add (zero  , n) = n
  add (suc m , n) = suc (add (m , n))
  ```

  Record patterns which do not contain data type patterns, but which
  do contain dot patterns, are currently rejected. Example:

  ```agda
  Foo : {A : Set} (p₁ p₂ : A × A) → proj₁ p₁ ≡ proj₁ p₂ → Set₁
  Foo (x , y) (.x , y′) refl = Set
  ```

* Proof irrelevant function types.

  Agda now supports irrelevant non-dependent function types:

  ```agda
  f : .A → B
  ```

  This type implies that `f` does not depend computationally on its
  argument. One intended use case is data structures with embedded
  proofs, like sorted lists:

  ```agda
  postulate
    _≤_ : ℕ → ℕ → Set
    p₁  : 0 ≤ 1
    p₂  : 0 ≤ 1

  data SList (bound : ℕ) : Set where
    []    : SList bound
    scons : (head : ℕ) →
            .(head ≤ bound) →
            (tail : SList head) →
            SList bound
  ```

  The effect of the irrelevant type in the signature of `scons` is
  that `scons`'s second argument is never inspected after Agda has
  ensured that it has the right type. It is even thrown away, leading
  to smaller term sizes and hopefully some gain in efficiency. The
  type-checker ignores irrelevant arguments when checking equality, so
  two lists can be equal even if they contain different proofs:

  ```agda
  l₁ : SList 1
  l₁ = scons 0 p₁ []

  l₂ : SList 1
  l₂ = scons 0 p₂ []

  l₁≡l₂ : l₁ ≡ l₂
  l₁≡l₂ = refl
  ```

  Irrelevant arguments can only be used in irrelevant contexts.
  Consider the following subset type:

  ```agda
  data Subset (A : Set) (P : A → Set) : Set where
    _#_ : (elem : A) → .(P elem) → Subset A P
  ```

  The following two uses are fine:

  ```agda
  elimSubset : ∀ {A C : Set} {P} →
               Subset A P → ((a : A) → .(P a) → C) → C
  elimSubset (a # p) k = k a p

  elem : {A : Set} {P : A → Set} → Subset A P → A
  elem (x # p) = x
  ```

  However, if we try to project out the proof component, then Agda
  complains that `variable p is declared irrelevant, so it cannot be
  used here`:

  ```agda
  prjProof : ∀ {A P} (x : Subset A P) → P (elem x)
  prjProof (a # p) = p
  ```

  Matching against irrelevant arguments is also forbidden, except in
  the case of irrefutable matches (record constructor patterns which
  have been translated away). For instance, the match against the
  pattern `(p , q)` here is accepted:

  ```agda
  elim₂ : ∀ {A C : Set} {P Q : A → Set} →
          Subset A (λ x → Σ (P x) (λ _ → Q x)) →
          ((a : A) → .(P a) → .(Q a) → C) → C
  elim₂ (a # (p , q)) k = k a p q
  ```

  Absurd matches `()` are also allowed.

  Note that record fields can also be irrelevant. Example:

  ```agda
  record Subset (A : Set) (P : A → Set) : Set where
    constructor _#_
    field
      elem   : A
      .proof : P elem
  ```

  Irrelevant fields are never in scope, neither inside nor outside the
  record. This means that no record field can depend on an irrelevant
  field, and furthermore projections are not defined for such fields.
  Irrelevant fields can only be accessed using pattern matching, as in
  `elimSubset` above.

  Irrelevant function types were added very recently, and have not
  been subjected to much experimentation yet, so do not be surprised
  if something is changed before the next release. For instance,
  dependent irrelevant function spaces (`.(x : A) → B`) might be added
  in the future.

* Mixfix binders.

  It is now possible to declare user-defined syntax that binds
  identifiers. Example:

  ```agda
  postulate
    State  : Set → Set → Set
    put    : ∀ {S} → S → State S ⊤
    get    : ∀ {S} → State S S
    return : ∀ {A S} → A → State S A
    bind   : ∀ {A B S} → State S B → (B → State S A) → State S A

  syntax bind e₁ (λ x → e₂) = x ← e₁ , e₂

  increment : State ℕ ⊤
  increment = x ← get ,
              put (1 + x)
  ```

  The syntax declaration for `bind` implies that `x` is in scope in
  `e₂`, but not in `e₁`.

  You can give fixity declarations along with syntax declarations:

  ```agda
  infixr 40 bind
  syntax bind e₁ (λ x → e₂) = x ← e₁ , e₂
  ```

  The fixity applies to the syntax, not the name; syntax declarations
  are also restricted to ordinary, non-operator names. The following
  declaration is disallowed:

  ```agda
  syntax _==_ x y = x === y
  ```agda

  Syntax declarations must also be linear; the following declaration
  is disallowed:

  ```agda
  syntax wrong x = x + x
  ```

  Syntax declarations were added very recently, and have not been
  subjected to much experimentation yet, so do not be surprised if
  something is changed before the next release.

* `Prop` has been removed from the language.

  The experimental sort `Prop` has been disabled. Any program using
  `Prop` should typecheck if `Prop` is replaced by `Set₀`. Note that
  `Prop` is still a keyword.

* Injective type constructors off by default.

  Automatic injectivity of type constructors has been disabled (by
  default). To enable it, use the flag
  `--injective-type-constructors`, either on the command line or in an
  `OPTIONS` pragma. Note that this flag makes Agda anti-classical and
  possibly inconsistent:

    Agda with excluded middle is inconsistent
    http://thread.gmane.org/gmane.comp.lang.agda/1367

  See `test/Succeed/InjectiveTypeConstructors.agda` for an example.

* Termination checker can count.

  There is a new flag `--termination-depth=N` accepting values `N >=
  1` (with `N = 1` being the default) which influences the behavior of
  the termination checker. So far, the termination checker has only
  distinguished three cases when comparing the argument of a recursive
  call with the formal parameter of the callee.

  `<`: the argument is structurally smaller than the parameter

  `=`: they are equal

  `?`: the argument is bigger or unrelated to the parameter

  This behavior, which is still the default (`N = 1`), will not
  recognise the following functions as terminating.

   ```agda
   mutual

      f : ℕ → ℕ
      f zero          = zero
      f (suc zero)    = zero
      f (suc (suc n)) = aux n

      aux : ℕ → ℕ
      aux m = f (suc m)
  ```

  The call graph

  ```
  f --(<)--> aux --(?)--> f
  ```

  yields a recursive call from `f` to `f` via `aux` where the relation
  of call argument to callee parameter is computed as "unrelated"
  (composition of `<` and `?`).

  Setting `N >= 2` allows a finer analysis: `n` has two constructors
  less than `suc (suc n)`, and `suc m` has one more than `m`, so we get the
  call graph:

  ```
  f --(-2)--> aux --(+1)--> f
  ```

  The indirect call `f --> f` is now labeled with `(-1)`, and the
  termination checker can recognise that the call argument is
  decreasing on this path.

  Setting the termination depth to `N` means that the termination
  checker counts decrease up to `N` and increase up to `N-1`. The
  default, `N=1`, means that no increase is counted, every increase
  turns to "unrelated".

  In practice, examples like the one above sometimes arise when `with`
  is used. As an example, the program

  ```agda
  f : ℕ → ℕ
  f zero          = zero
  f (suc zero)    = zero
  f (suc (suc n)) with zero
  ... | _ = f (suc n)
  ```

  is internally represented as

  ```agda
  mutual

    f : ℕ → ℕ
    f zero          = zero
    f (suc zero)    = zero
    f (suc (suc n)) = aux n zero

    aux : ℕ → ℕ → ℕ
    aux m k = f (suc m)
  ```

  Thus, by default, the definition of `f` using `with` is not accepted
  by the termination checker, even though it looks structural (`suc n`
  is a subterm of `suc suc n`). Now, the termination checker is
  satisfied if the option `--termination-depth=2` is used.

  Caveats:

  - This is an experimental feature, hopefully being replaced by
    something smarter in the near future.

  - Increasing the termination depth will quickly lead to very long
    termination checking times. So, use with care. Setting termination
    depth to `100` by habit, just to be on the safe side, is not a good
    idea!

  - Increasing termination depth only makes sense for linear data
    types such as `ℕ` and `Size`. For other types, increase cannot be
    recognised. For instance, consider a similar example with lists.

    ```agda
    data List : Set where
      nil  : List
      cons : ℕ → List → List

    mutual
      f : List → List
      f nil                  = nil
      f (cons x nil)         = nil
      f (cons x (cons y ys)) = aux y ys

      aux : ℕ → List → List
      aux z zs = f (cons z zs)
    ```

    Here the termination checker compares `cons z zs` to `z` and also
    to `zs`. In both cases, the result will be "unrelated", no matter
    how high we set the termination depth. This is because when
    comparing `cons z zs` to `zs`, for instance, `z` is unrelated to
    `zs`, thus, `cons z zs` is also unrelated to `zs`. We cannot say
    it is just "one larger" since `z` could be a very large term. Note
    that this points to a weakness of untyped termination checking.

    To regain the benefit of increased termination depth, we need to
    index our lists by a linear type such as `ℕ` or `Size`. With
    termination depth `2`, the above example is accepted for vectors
    instead of lists.

* The `codata` keyword has been removed. To use coinduction, use the
  following new builtins: `INFINITY`, `SHARP` and `FLAT`. Example:

  ```agda
  {-# OPTIONS --universe-polymorphism #-}

  module Coinduction where

  open import Level

  infix 1000 ♯_

  postulate
    ∞  : ∀ {a} (A : Set a) → Set a
    ♯_ : ∀ {a} {A : Set a} → A → ∞ A
    ♭  : ∀ {a} {A : Set a} → ∞ A → A

  {-# BUILTIN INFINITY ∞  #-}
  {-# BUILTIN SHARP    ♯_ #-}
  {-# BUILTIN FLAT     ♭  #-}
  ```

  Note that (non-dependent) pattern matching on `SHARP` is no longer
  allowed.

  Note also that strange things might happen if you try to combine the
  pragmas above with `COMPILED_TYPE`, `COMPILED_DATA` or `COMPILED`
  pragmas, or if the pragmas do not occur right after the postulates.

  The compiler compiles the `INFINITY` builtin to nothing (more or
  less), so that the use of coinduction does not get in the way of FFI
  declarations:

  ```agda
  data Colist (A : Set) : Set where
    []  : Colist A
    _∷_ : (x : A) (xs : ∞ (Colist A)) → Colist A

  {-# COMPILED_DATA Colist [] [] (:) #-}
  ```

* Infinite types.

  If the new flag `--guardedness-preserving-type-constructors` is
  used, then type constructors are treated as inductive constructors
  when we check productivity (but only in parameters, and only if they
  are used strictly positively or not at all). This makes examples
  such as the following possible:

  ```agda
  data Rec (A : ∞ Set) : Set where
    fold : ♭ A → Rec A

  -- Σ cannot be a record type below.

  data Σ (A : Set) (B : A → Set) : Set where
    _,_ : (x : A) → B x → Σ A B

  syntax Σ A (λ x → B) = Σ[ x ∶ A ] B

  -- Corecursive definition of the W-type.

  W : (A : Set) → (A → Set) → Set
  W A B = Rec (♯ (Σ[ x ∶ A ] (B x → W A B)))

  syntax W A (λ x → B) = W[ x ∶ A ] B

  sup : {A : Set} {B : A → Set} (x : A) (f : B x → W A B) → W A B
  sup x f = fold (x , f)

  W-rec : {A : Set} {B : A → Set}
          (P : W A B → Set) →
          (∀ {x} {f : B x → W A B} → (∀ y → P (f y)) → P (sup x f)) →
          ∀ x → P x
  W-rec P h (fold (x , f)) = h (λ y → W-rec P h (f y))

  -- Induction-recursion encoded as corecursion-recursion.

  data Label : Set where
    ′0 ′1 ′2 ′σ ′π ′w : Label

  mutual

    U : Set
    U = Σ Label U′

    U′ : Label → Set
    U′ ′0 = ⊤
    U′ ′1 = ⊤
    U′ ′2 = ⊤
    U′ ′σ = Rec (♯ (Σ[ a ∶ U ] (El a → U)))
    U′ ′π = Rec (♯ (Σ[ a ∶ U ] (El a → U)))
    U′ ′w = Rec (♯ (Σ[ a ∶ U ] (El a → U)))

    El : U → Set
    El (′0 , _)            = ⊥
    El (′1 , _)            = ⊤
    El (′2 , _)            = Bool
    El (′σ , fold (a , b)) = Σ[ x ∶ El a ]  El (b x)
    El (′π , fold (a , b)) =   (x : El a) → El (b x)
    El (′w , fold (a , b)) = W[ x ∶ El a ]  El (b x)

  U-rec : (P : ∀ u → El u → Set) →
          P (′1 , _) tt →
          P (′2 , _) true →
          P (′2 , _) false →
          (∀ {a b x y} →
           P a x → P (b x) y → P (′σ , fold (a , b)) (x , y)) →
          (∀ {a b f} →
           (∀ x → P (b x) (f x)) → P (′π , fold (a , b)) f) →
          (∀ {a b x f} →
           (∀ y → P (′w , fold (a , b)) (f y)) →
           P (′w , fold (a , b)) (sup x f)) →
          ∀ u (x : El u) → P u x
  U-rec P P1 P2t P2f Pσ Pπ Pw = rec
    where
    rec : ∀ u (x : El u) → P u x
    rec (′0 , _)            ()
    rec (′1 , _)            _              = P1
    rec (′2 , _)            true           = P2t
    rec (′2 , _)            false          = P2f
    rec (′σ , fold (a , b)) (x , y)        = Pσ (rec _ x) (rec _ y)
    rec (′π , fold (a , b)) f              = Pπ (λ x → rec _ (f x))
    rec (′w , fold (a , b)) (fold (x , f)) = Pw (λ y → rec _ (f y))
  ```

  The `--guardedness-preserving-type-constructors` extension is based
  on a rather operational understanding of `∞`/`♯_`; it's not yet
  clear if this extension is consistent.

* Qualified constructors.

  Constructors can now be referred to qualified by their data type.
  For instance, given

  ```agda
  data Nat : Set where
    zero : Nat
    suc  : Nat → Nat

  data Fin : Nat → Set where
    zero : ∀ {n} → Fin (suc n)
    suc  : ∀ {n} → Fin n → Fin (suc n)
  ```

  you can refer to the constructors unambiguously as `Nat.zero`,
  `Nat.suc`, `Fin.zero`, and `Fin.suc` (`Nat` and `Fin` are modules
  containing the respective constructors). Example:

  ```agda
  inj : (n m : Nat) → Nat.suc n ≡ suc m → n ≡ m
  inj .m m refl = refl
  ```

  Previously you had to write something like

  ```agda
  inj : (n m : Nat) → _≡_ {Nat} (suc n) (suc m) → n ≡ m
  ```

  to make the type checker able to figure out that you wanted the
  natural number suc in this case.

* Reflection.

  There are two new constructs for reflection:

    - `quoteGoal x in e`

      In `e` the value of `x` will be a representation of the goal type
      (the type expected of the whole expression) as an element in a
      datatype of Agda terms (see below). For instance,

      ```agda
      example : ℕ
      example = quoteGoal x in {! at this point x = def (quote ℕ) [] !}
      ```

    - `quote x : Name`

      If `x` is the name of a definition (function, datatype, record,
      or a constructor), `quote x` gives you the representation of `x`
      as a value in the primitive type `Name` (see below).

  Quoted terms use the following BUILTINs and primitives (available
  from the standard library module `Reflection`):

  ```agda
  -- The type of Agda names.

  postulate Name : Set

  {-# BUILTIN QNAME Name #-}

  primitive primQNameEquality : Name → Name → Bool

  -- Arguments.

  Explicit? = Bool

  data Arg A : Set where
    arg : Explicit? → A → Arg A

  {-# BUILTIN ARG    Arg #-}
  {-# BUILTIN ARGARG arg #-}

  -- The type of Agda terms.

  data Term : Set where
    var     : ℕ → List (Arg Term) → Term
    con     : Name → List (Arg Term) → Term
    def     : Name → List (Arg Term) → Term
    lam     : Explicit? → Term → Term
    pi      : Arg Term → Term → Term
    sort    : Term
    unknown : Term

  {-# BUILTIN AGDATERM            Term    #-}
  {-# BUILTIN AGDATERMVAR         var     #-}
  {-# BUILTIN AGDATERMCON         con     #-}
  {-# BUILTIN AGDATERMDEF         def     #-}
  {-# BUILTIN AGDATERMLAM         lam     #-}
  {-# BUILTIN AGDATERMPI          pi      #-}
  {-# BUILTIN AGDATERMSORT        sort    #-}
  {-# BUILTIN AGDATERMUNSUPPORTED unknown #-}
  ```

  Reflection may be useful when working with internal decision
  procedures, such as the standard library's ring solver.

* Minor record definition improvement.

  The definition of a record type is now available when type checking
  record module definitions. This means that you can define things
  like the following:

  ```agda
  record Cat : Set₁ where
    field
      Obj  : Set
      _=>_ : Obj → Obj → Set
      -- ...

    -- not possible before:
    op : Cat
    op = record { Obj = Obj; _=>_ = λ A B → B => A }
  ```

Tools
-----

* The `Goal type and context` command now shows the goal type before
  the context, and the context is shown in reverse order. The `Goal
  type, context and inferred type` command has been modified in a
  similar way.

* Show module contents command.

  Given a module name `M` the Emacs mode can now display all the
  top-level modules and names inside `M`, along with types for the
  names. The command is activated using `C-c C-o` or the menus.

* Auto command.

  A command which searches for type inhabitants has been added. The
  command is invoked by pressing `C-C C-a` (or using the goal menu).
  There are several flags and parameters, e.g. `-c` which enables
  case-splitting in the search. For further information, see the Agda
  wiki:

    http://wiki.portal.chalmers.se/agda/pmwiki.php?n=Main.Auto

* HTML generation is now possible for a module with unsolved
  meta-variables, provided that the `--allow-unsolved-metas` flag is
  used.