Extensionality axiom: why is it not unsound

Question

Axiom of extensionality says that two functions are equal if their actions on each argument of the domain are equal.

Axiom func_ext_dep : forall (A : Type) (B : A -> Type) (f g : forall x, B x),
  (forall x, f x = g x) -> f = g.

Equality = on both side of the theorem statement is propositional equality (a datatype with a single eq_refl constructor). Using this axiom it could be proven that f = a + b and g = b + a are propositionally equal.

But f and g are obviously not equal as data structures.

Could you please explain what I'm missing here? Probably that function objects don't have normal form?

Answer 1

EDIT: After further discussion in the comments, the actual point of confusion was this:

Doesn't match a with... = match b with gives me False right away the same way as S S Z = S Z does?

You can pattern-match on nat, you can't on functions. Dependent pattern-matching is how we can prove injectivity and disjointness of constructors, whereas the only thing we can do with a function is to apply it. (See also How do we know all Coq constructors are injective and disjoint?)

Nevertheless, I hope the rest of the answer below is still instructive.

---

From the comments:

AFAIU, = has a very precise meaning in Coq/CIC - syntactic equality of normal forms.

That's not right. For example we can prove the following:

Lemma and_comm : forall a b : bool, (* a && b = b && a *)
   match a with
   | true => b
   | false => false
   end = match b with
         | true => a
         | false => false
         end.
Proof.
  destruct a, b; reflexivity.
Qed.

We can only use eq_refl when the two sides are syntactically equal, but there are more reasoning rules we can apply beyond the constructors of an inductive propositions, most notably dependent pattern-matching, and, if we admit it, functional extensionality.

But f and g are obviously not equal as data structures.

This statement seems to confuse provability and truth. It's important to distinguish these two worlds. (And I'm not a logician, so take what I'm going to say with a grain of salt.)

Coq is a symbol-pushing game, with well-defined rules to construct terms of certain types. This is provability. When Coq accepts a proof, all we know is that we constructed a term following the rules.

Of course, we also want those terms and types to mean something. When we prove a proposition, we expect that to tell us something about the state of the world. This is truth. And in a way, Coq has very little say in the matter. When we read f = g, we are giving a meaning to the symbol f, a meaning to g, and also a meaning to =. This is entirely up to us (well, there are always rules to follow), and there's more than one interpretation (or "model").

The "naive model" that most people have in mind views functions as relations (also called graphs) between inputs and outputs. In this model, functional extensionality holds: a function is no more than a mapping between inputs and outputs, so two functions with the same mappings are equal. Functional extensionality is sound in Coq (we can't prove False) because there is at least one model where it is valid.

In the model you have, a function is characterized by its code, modulo some equations. (This is more or less the "syntactic model", where we interpret every expression as itself, with the minimal possible amount of semantic behavior.) Then, indeed there are functions that are extensionally equal, but with different code. So functional extentionality is not valid in this model, but that doesn't mean it's false (i.e., that we can prove its negation) in Coq, as justified previously.

f and g are not "obviously not equal", because equality, like everything else, is relative to a particular interpretation.