In Agda with --safe, it is impossible to write a nonterminating program. Acknowledging the halting problem, it follows that there are terminating programs that cannot be written in safe Agda. But I want a constructive proof. :-)
To be more clear, I want an example of a function that can be proved to always terminate but cannot have a pointwise equivalent written in safe Agda. (And a proof on why it can’t.)
It would be nice to have examples of functions with finite and infinite different possible outputs. It would be specially nice if the proofs are easy to follow!
-
1When I wrote the question, I had no idea about how to even begin writing such a program or what such a program could even be. An answer briefly explaining what the program would even be (such as Jesper’s) is sufficient. I did search for an example, but I couldn’t find anything. Usually people just use the halting problem argument rather than providing an example.zamfofex– zamfofex2025年07月25日 02:35:12 +00:00Commented Jul 25, 2025 at 2:35
1 Answer 1
The canonical example of a function that is terminating but cannot be implemented in Agda is an evaluator for Agda terms itself. If it were possible to implement, then we could use it to prove that there are no well-typed terms of the empty type, i.e. that Agda is sound, which would imply Agda is inconsistent by Gödel's incompleteness. (Note that the above is assuming Agda is consistent in the first place, i.e. it is talking about an idealized version of Agda rather than its actual implementation.)
2 Comments
"⊥" (the internal bottom type) to a normal form of that type, of which there are none by definition; thus the evaluator at that type has the type ¬ "⊥", which says that Agda is consistent as a logical system.