(** * Proving with computer assistance, Spring 2011 *)
Proving with computer assistance, Spring 2010
(* Version of 25/3/2010 *)
(* ###################################################################### *)
(** * Coq *)
(** The main PA for this course is the Coq proof assistant.
Coq can be seen as a combination of:
- a simple but still very expressive functional programming language,
- a language for defining abstract and concrete mathematical concepts,
- a language for writing logical formulas expressing properties of
mathematical concepts or assertions of programs
- a language and a set of tools for proving these formulas
The Coq system has fairly few things "built in", but there is a
standard library which contains basic things like booleans,
numbers and lists. Also there are many user contributions around
on the web. Also, Coq provides powerful tools for defining your
own types and functions and for constructing your own proof
tactics. *)
The main PA for this course is the Coq proof assistant.
Coq can be seen as a combination of:
- a simple but still very expressive functional programming language,
- a language for defining abstract and concrete mathematical concepts,
- a language for writing logical formulas expressing properties of
mathematical concepts or assertions of programs
- a language and a set of tools for proving these formulas
The Coq system has fairly few things "built in", but there is a
standard library which contains basic things like booleans,
numbers and lists. Also there are many user contributions around
on the web. Also, Coq provides powerful tools for defining your
own types and functions and for constructing your own proof
tactics.
Coq is a free program available via the site
http://coq.inria.fr. There are compiled binary versions
for Linux and Windows.
For this practicum it is recommended that you install Coq
IDE or ProofGeneral or that you use the prover system:
http://prover.cs.ru.nl
For getting a login for the course (and teh prover system) and in
general for more information, look at:
http://www.cs.ru.nl/H.Geuvers/onderwijs/provingwithCA/
Section Introduction.
Section Introduction.
(**
Using the command Goal we enter the proof mode and set the
proposition that we will try to prove.
*)
Using the command Goal we enter the proof mode and set the
proposition that we will try to prove.
Goal forall A B C: Prop, (A -> B -> C) -> (A -> B) -> (A -> C).1 subgoal
============================
forall A B C : Prop, (A -> B -> C) -> (A -> B) -> A -> C
Goal forall A B C: Prop, (A -> B -> C) -> (A -> B) -> (A -> C).
intros.1 subgoal
A : Prop
B : Prop
C : Prop
H : A -> B -> C
H0 : A -> B
H1 : A
============================
C
intros.
apply H.2 subgoals
A : Prop
B : Prop
C : Prop
H : A -> B -> C
H0 : A -> B
H1 : A
============================
A
subgoal 2 is:
B
apply H.
assumption.1 subgoal
A : Prop
B : Prop
C : Prop
H : A -> B -> C
H0 : A -> B
H1 : A
============================
B
assumption.
apply H0.1 subgoal
A : Prop
B : Prop
C : Prop
H : A -> B -> C
H0 : A -> B
H1 : A
============================
A
apply H0.
assumption.Proof completed.
assumption.
(**
The proof is now complete. It can be saved for future use
with the command Save, followed by a name for the new
theorem. This also ends the proof mode.
*)
The proof is now complete. It can be saved for future use
with the command Save, followed by a name for the new
theorem. This also ends the proof mode.
Save Tautology1.Tautology1 is defined
Save Tautology1.
(**
To prove and save the result above, we could also have
stated it as a Theorem or Lemma, as follows:
*)
To prove and save the result above, we could also have
stated it as a Theorem or Lemma, as follows:
Lemma Tautology1':
forall A B C:Prop, (A -> B -> C) -> (A -> B) -> (A -> C).1 subgoal
============================
forall A B C : Prop, (A -> B -> C) -> (A -> B) -> A -> C
Lemma Tautology1':
forall A B C:Prop, (A -> B -> C) -> (A -> B) -> (A -> C).
Proof.
Proof.
intros.1 subgoal
A : Prop
B : Prop
C : Prop
H : A -> B -> C
H0 : A -> B
H1 : A
============================
C
intros.
apply H.2 subgoals
A : Prop
B : Prop
C : Prop
H : A -> B -> C
H0 : A -> B
H1 : A
============================
A
subgoal 2 is:
B
apply H.
assumption.1 subgoal
A : Prop
B : Prop
C : Prop
H : A -> B -> C
H0 : A -> B
H1 : A
============================
B
assumption.
apply H0.1 subgoal
A : Prop
B : Prop
C : Prop
H : A -> B -> C
H0 : A -> B
H1 : A
============================
A
apply H0.
assumption.Proof completed.
assumption.
Qed.Tautology1' is defined
Qed.
(**
NB "tauto" just finishes the proof right away;
it is a complete tautology checker for constructive
propositional logic
NB "Admitted" leaves the proof without finishing it;
this can be useful if you first want to prove something else
With Qed. the proof is validated and added to the environment.
In fact this method is usually preferred unless we do not
want to give a name to a proof.
*)
NB "tauto" just finishes the proof right away;
it is a complete tautology checker for constructive
propositional logic
NB "Admitted" leaves the proof without finishing it;
this can be useful if you first want to prove something else
With Qed. the proof is validated and added to the environment.
In fact this method is usually preferred unless we do not
want to give a name to a proof.
(**
The natural numbers are pre-defined in Coq as
> nat: Set
Check that with the command
> Check nat.
The terms "O" and "S" represent the natural number zero
and the successor function (adding of 1). Check their
types with the Check command.
*)
The natural numbers are pre-defined in Coq as
> nat: Set
Check that with the command
> Check nat.
The terms "O" and "S" represent the natural number zero
and the successor function (adding of 1). Check their
types with the Check command.
Check nat.nat
: Set
Check nat.
Check O.0
: nat
Check O.
Check S.S
: nat -> nat
Check S.
(**
The function that adds two to its argument can be defined as:
*)
The function that adds two to its argument can be defined as:
Definition Add_two := fun x:nat => S (S x).Add_two is defined
Definition Add_two := fun x:nat => S (S x).
(** But also, the number two can be defined as *)
But also, the number two can be defined as
Definition two := 2.two is defined
Definition two := 2.
(**
We could have also used "S (S 0)" in place of "2", they are
equivalent
*)
We could have also used "S (S 0)" in place of "2", they are
equivalent
(** Now two can be used in the definition of the function: *)
Now two can be used in the definition of the function:
Definition Add_two' (x: nat) := x + two.Add_two' is defined
Definition Add_two' (x: nat) := x + two.
(**
Note the parameter in the definition. This is a syntactic
sugar and a more readable way of writing:
> Definition Add_two'' := fun x: nat => x + two.
*)
Note the parameter in the definition. This is a syntactic
sugar and a more readable way of writing:
> Definition Add_two'' := fun x: nat => x + two.
(**
One example on how the notion of equality can be introduced
in Coq. (Note: Coq has already a built-in equality denoted by
the symbol "=", but in this example we define our own).
*)
One example on how the notion of equality can be introduced
in Coq. (Note: Coq has already a built-in equality denoted by
the symbol "=", but in this example we define our own).
Variable IS : forall A: Set, A -> A -> Prop.IS is assumed
Variable IS : forall A: Set, A -> A -> Prop.
(**
The line above only defines "IS" as a binary relation on an
arbitrary set "A" - this is a polymorphic equality.
Reflexivity can be introduced by an extra axiom:
*)
The line above only defines "IS" as a binary relation on an
arbitrary set "A" - this is a polymorphic equality.
Reflexivity can be introduced by an extra axiom:
Axiom refl: forall (A: Set) (z: A), IS A z z.refl is assumed
Axiom refl: forall (A: Set) (z: A), IS A z z.
(**
Now we should be able to prove "IS nat (Add_two O) two" and
indeed this is the case as shown below
*)
Now we should be able to prove "IS nat (Add_two O) two" and
indeed this is the case as shown below
Goal (IS nat (Add_two O) two).1 subgoal
IS : forall A : Set, A -> A -> Prop
============================
IS nat (Add_two 0) two
Goal (IS nat (Add_two O) two).
apply refl.Proof completed.
apply refl.
Qed.Unnamed_thm is defined
Qed.
Goal (IS nat (Add_two' O) two).1 subgoal
IS : forall A : Set, A -> A -> Prop
============================
IS nat (Add_two' 0) two
Goal (IS nat (Add_two' O) two).
apply refl.Proof completed.
apply refl.
Qed.Unnamed_thm0 is defined
Qed.
(**
What happened here? Coq can see that
"IS nat (Add_two' O) two)" is an instance of the reflexivity
axiom "IS A z z". It takes "nat" for the set "A" and "two" for
"z", but "two" is (by definition) equal to
"Add_two' O". This check is performed automatically as
follows:
Add_two' O = (By unfolding Add_two)
0 + two = (By beta-reduction)
two
Hence, when comparing two terms, Coq folds or unfolds
definitions as necessary
*)
What happened here? Coq can see that
"IS nat (Add_two' O) two)" is an instance of the reflexivity
axiom "IS A z z". It takes "nat" for the set "A" and "two" for
"z", but "two" is (by definition) equal to
"Add_two' O". This check is performed automatically as
follows:
Add_two' O = (By unfolding Add_two)
0 + two = (By beta-reduction)
two
Hence, when comparing two terms, Coq folds or unfolds
definitions as necessary
(* ###################################################################### *)
(** * Classical Logic in Coq *)
(**
This example shows how we can do classical logic in Coq
Suppose we want to prove that for all propositions "A" and "B"
the following holds: "(~A -> B) -> (~B -> A)".
Note that negation is defined as
> Definition not (A: Prop) := A -> False
and "~A" is an abbreviation for "not A".
Let us give this proposition the name contra (from
contraposition):
*)
This example shows how we can do classical logic in Coq
Suppose we want to prove that for all propositions "A" and "B"
the following holds: "(~A -> B) -> (~B -> A)".
Note that negation is defined as
> Definition not (A: Prop) := A -> False
and "~A" is an abbreviation for "not A".
Let us give this proposition the name contra (from
contraposition):
Print not.not = fun A : Prop => A -> False
: Prop -> Prop
Argument scope is [type_scope]
Print not.
Definition contra := forall A B: Prop, (~A -> B) -> (~B -> A).contra is defined
Definition contra := forall A B: Prop, (~A -> B) -> (~B -> A).
Print contra.contra = forall A B : Prop, (~ A -> B) -> ~ B -> A
: Prop
Print contra.
(**
You can try to prove contra using the tauto or the intuition
tactic:
> Goal contra.
> tauto.
Unfortunately, Coq cannot prove contra with the tactic
tauto or intuition, because it is not provable in the
constructive logic of Coq. To prove this proposition, we
need the axiom for double negation:
*)
You can try to prove contra using the tauto or the intuition
tactic:
> Goal contra.
> tauto.
Unfortunately, Coq cannot prove contra with the tactic
tauto or intuition, because it is not provable in the
constructive logic of Coq. To prove this proposition, we
need the axiom for double negation:
Hypothesis classical: forall A: Prop, ~~A -> A.classical is assumed
Hypothesis classical: forall A: Prop, ~~A -> A.
(** With this extra axiom we can prove contra *)
With this extra axiom we can prove contra
Goal contra.1 subgoal
IS : forall A : Set, A -> A -> Prop
classical : forall A : Prop, ~ ~ A -> A
============================
contra
Goal contra.
unfold contra.1 subgoal
IS : forall A : Set, A -> A -> Prop
classical : forall A : Prop, ~ ~ A -> A
============================
forall A B : Prop, (~ A -> B) -> ~ B -> A
unfold contra.
intros.1 subgoal
IS : forall A : Set, A -> A -> Prop
classical : forall A : Prop, ~ ~ A -> A
A : Prop
B : Prop
H : ~ A -> B
H0 : ~ B
============================
A
intros.
apply classical.1 subgoal
IS : forall A : Set, A -> A -> Prop
classical : forall A : Prop, ~ ~ A -> A
A : Prop
B : Prop
H : ~ A -> B
H0 : ~ B
============================
~ ~ A
apply classical.
(*
The goal at this moment is
A : Prop
B : Prop
H : ~A->B
H0 : ~B
===================
~~A
Remember the definition of "not"? "~~A" can also be written
as "~A -> False", so...
*)
intro.1 subgoal
IS : forall A : Set, A -> A -> Prop
classical : forall A : Prop, ~ ~ A -> A
A : Prop
B : Prop
H : ~ A -> B
H0 : ~ B
H1 : ~ A
============================
False
intro.
(*
This results in the following goal:
A : Prop
B : Prop
H : ~A->B
H0 : ~B
H1 : ~A
===================
False
In this context, from "H" and "H1" we can obtain a proof of
"B" and since H0 is a proof of "~B" (i.e. "B -> False"), we
will get False. However, Coq always works in a backwards
manner, we need to use first "H0" (and then the goal will be to
prove "B"). Next, to prove "B", we will need to use "H" (and
the goal will become "~A"). The final step will be trivial,
because "H1" is a proof of "~A".
*)
apply H0.1 subgoal
IS : forall A : Set, A -> A -> Prop
classical : forall A : Prop, ~ ~ A -> A
A : Prop
B : Prop
H : ~ A -> B
H0 : ~ B
H1 : ~ A
============================
B
apply H0.
(*
A : Prop
B : Prop
H : ~A->B
H0 : ~B
H1 : ~A
===================
B
*)
apply H.1 subgoal
IS : forall A : Set, A -> A -> Prop
classical : forall A : Prop, ~ ~ A -> A
A : Prop
B : Prop
H : ~ A -> B
H0 : ~ B
H1 : ~ A
============================
~ A
apply H.
(*
A : Prop
B : Prop
H : ~A->B
H0 : ~B
H1 : ~A
===================
~A
*)
assumption.Proof completed.
assumption.
(** To see the proof-term that we created, use Show Proof: *)
To see the proof-term that we created, use Show Proof:
Show Proof.LOC:
Subgoals
Proof: fun (A B : Prop) (H : ~ A -> B) (H0 : ~ B) =>
classical A (fun H1 : ~ A => H0 (H H1))
Show Proof.
(**
> Proof: fun (A B: Prop)(H: ~A -> B)(H0: ~B) =>
> classical A (fun H1: ~A => H0 (H H1))
Although we prove a formula in classical logic, you can still
use the automated tactics of Coq. They will work for subgoals
that do not require the axiom "classical"
*)
> Proof: fun (A B: Prop)(H: ~A -> B)(H0: ~B) =>
> classical A (fun H1: ~A => H0 (H H1))
Although we prove a formula in classical logic, you can still
use the automated tactics of Coq. They will work for subgoals
that do not require the axiom "classical"
Qed.Unnamed_thm1 is defined
Qed.
(**
The part with the worked-out examples ends here. Now you can
try to prove the exercises below yourself.
*)
The part with the worked-out examples ends here. Now you can
try to prove the exercises below yourself.
End Introduction.
End Introduction.
(* ###################################################################### *)
(** *** Exercise 1. (implications) *)
Exercise 1. (implications)
(** Prove the following propositions:
So you have to replace all the Admitted by real Coq proofs.
*)
Prove the following propositions:
So you have to replace all the Admitted by real Coq proofs.
Lemma L1_1: forall p q r: Prop,
(p -> q) -> (q -> r) -> (p -> r).1 subgoal
============================
forall p q r : Prop, (p -> q) -> (q -> r) -> p -> r
Lemma L1_1: forall p q r: Prop,
(p -> q) -> (q -> r) -> (p -> r).
Admitted.L1_1 is assumed
Admitted.
Lemma L1_2: forall p q: Prop, (p -> p -> q) -> (p -> q).1 subgoal
============================
forall p q : Prop, (p -> p -> q) -> p -> q
Lemma L1_2: forall p q: Prop, (p -> p -> q) -> (p -> q).
Admitted.L1_2 is assumed
Admitted.
Lemma L1_3: forall p q: Prop, (p -> q) -> (p -> p -> q).1 subgoal
============================
forall p q : Prop, (p -> q) -> p -> p -> q
Lemma L1_3: forall p q: Prop, (p -> q) -> (p -> p -> q).
Admitted.L1_3 is assumed
Admitted.
Lemma L1_4: forall p q r:Prop, (p -> q -> r) -> (q -> p -> r).1 subgoal
============================
forall p q r : Prop, (p -> q -> r) -> q -> p -> r
Lemma L1_4: forall p q r:Prop, (p -> q -> r) -> (q -> p -> r).
Admitted.L1_4 is assumed
Admitted.
(* ###################################################################### *)
(** *** Exercise 2. (falsum) *)
(**
Define "false" as follows:
*)
Define "false" as follows:
Definition false := forall p: Prop, p.false is defined
Definition false := forall p: Prop, p.
Check false.false
: Prop
Check false.
(**
Prove that from "false" follows any other proposition,
i.e. prove the following
*)
Prove that from "false" follows any other proposition,
i.e. prove the following
Lemma ex_falso: forall p:Prop, false -> p.1 subgoal
============================
forall p : Prop, false -> p
Lemma ex_falso: forall p:Prop, false -> p.
Admitted.ex_falso is assumed
Admitted.
(** Prove the following propositions: *)
Prove the following propositions:
Lemma L2_1: forall p q: Prop, (p -> q) -> ~q -> ~p.1 subgoal
============================
forall p q : Prop, (p -> q) -> ~ q -> ~ p
Lemma L2_1: forall p q: Prop, (p -> q) -> ~q -> ~p.
Admitted.L2_1 is assumed
Admitted.
Lemma L2_2: forall p: Prop, p -> ~~p.1 subgoal
============================
forall p : Prop, p -> ~ ~ p
Lemma L2_2: forall p: Prop, p -> ~~p.
Admitted.L2_2 is assumed
Admitted.
Lemma L2_3: forall p: Prop, ~~~p -> ~p.1 subgoal
============================
forall p : Prop, ~ ~ ~ p -> ~ p
Lemma L2_3: forall p: Prop, ~~~p -> ~p.
Admitted.L2_3 is assumed
Admitted.
(* ###################################################################### *)
(** *** Exercise 3. *)
(**
Introduce the following axiom
*)
Introduce the following axiom
Axiom classical: forall p: Prop, ~~p -> p.classical is assumed
Axiom classical: forall p: Prop, ~~p -> p.
(** Using it prove: *)
Using it prove:
Lemma L3_1: forall p q: Prop, (~q -> ~p) -> (p -> q).1 subgoal
============================
forall p q : Prop, (~ q -> ~ p) -> p -> q
Lemma L3_1: forall p q: Prop, (~q -> ~p) -> (p -> q).
Admitted.L3_1 is assumed
Admitted.
(**
For the following lemma you may want need to use the tactic:
> absurd X
that changes the present goal to two subgoals: "X" and "~X".
You may find this lemma difficult to prove - if so then
skip it and do not spend too much time on it.
*)
For the following lemma you may want need to use the tactic:
> absurd X
that changes the present goal to two subgoals: "X" and "~X".
You may find this lemma difficult to prove - if so then
skip it and do not spend too much time on it.
Lemma L3_2: forall p q: Prop, ((p -> q) -> p) -> p.1 subgoal
============================
forall p q : Prop, ((p -> q) -> p) -> p
Lemma L3_2: forall p q: Prop, ((p -> q) -> p) -> p.
Admitted.L3_2 is assumed
Admitted.
(* ###################################################################### *)
(** *** Exercise 4. (conjunction) *)
Exercise 4. (conjunction)
(** Define conjunction by
*)
Define conjunction by
Definition AND (p q:Prop) :=
forall (a: Prop), (p -> q -> a)->a.AND is defined
Definition AND (p q:Prop) :=
forall (a: Prop), (p -> q -> a)->a.
Check AND.AND
: Prop -> Prop -> Prop
Check AND.
Lemma projl: forall p q: Prop, AND p q -> p.1 subgoal
============================
forall p q : Prop, AND p q -> p
Lemma projl: forall p q: Prop, AND p q -> p.
Admitted.projl is assumed
Admitted.
Lemma projr: forall p q: Prop, AND p q -> q.1 subgoal
============================
forall p q : Prop, AND p q -> q
Lemma projr: forall p q: Prop, AND p q -> q.
Admitted.projr is assumed
Admitted.
Lemma pair: forall p q: Prop, p -> q -> AND p q.1 subgoal
============================
forall p q : Prop, p -> q -> AND p q
Lemma pair: forall p q: Prop, p -> q -> AND p q.
Admitted.pair is assumed
Admitted.
(**
Note: Coq defines conjunction and disjunction in a different
way than the one we are using here. More information on this
can be found in the Coq tutorial (see the Coq homepage)
*)
Note: Coq defines conjunction and disjunction in a different
way than the one we are using here. More information on this
can be found in the Coq tutorial (see the Coq homepage)
(* ###################################################################### *)
(** *** Exercise 5. (disjunction) *)
Exercise 5. (disjunction)
(** Define disjunction as follows
*)
Define disjunction as follows
Definition OR (p q: Prop) := forall (a: Prop),
(p -> a) -> (q -> a) -> a.OR is defined
Definition OR (p q: Prop) := forall (a: Prop),
(p -> a) -> (q -> a) -> a.
Check OR.OR
: Prop -> Prop -> Prop
Check OR.
(** Prove the following tautologies: *)
Prove the following tautologies:
Lemma inl: forall p q: Prop, p -> OR p q.1 subgoal
============================
forall p q : Prop, p -> OR p q
Lemma inl: forall p q: Prop, p -> OR p q.
Admitted.inl is assumed
Admitted.
Lemma inr: forall p q: Prop, q -> OR p q.1 subgoal
============================
forall p q : Prop, q -> OR p q
Lemma inr: forall p q: Prop, q -> OR p q.
Admitted.inr is assumed
Admitted.
(* ###################################################################### *)
(** *** Exercise 6. (more junctions) *)
Exercise 6. (more junctions)
(** Prove the following using the lemmas proved in Exercise 4
and 5:
*)
Prove the following using the lemmas proved in Exercise 4
and 5:
Lemma L6_1: forall p q: Prop, AND p q -> OR q p.1 subgoal
============================
forall p q : Prop, AND p q -> OR q p
Lemma L6_1: forall p q: Prop, AND p q -> OR q p.
Admitted.L6_1 is assumed
Admitted.
Lemma L6_2: forall p q: Prop, AND p q -> AND q p.1 subgoal
============================
forall p q : Prop, AND p q -> AND q p
Lemma L6_2: forall p q: Prop, AND p q -> AND q p.
Admitted.L6_2 is assumed
Admitted.
Lemma L6_3: forall p q r: Prop, OR (OR p q) r -> OR p (OR q r).1 subgoal
============================
forall p q r : Prop, OR (OR p q) r -> OR p (OR q r)
Lemma L6_3: forall p q r: Prop, OR (OR p q) r -> OR p (OR q r).
Admitted.L6_3 is assumed
Admitted.
(* ###################################################################### *)
(** *** Exercise 7 (Inductive types) *)
Exercise 7 (Inductive types)
(**
Define the type of the finite lists of natural numbers:
*)
Define the type of the finite lists of natural numbers:
Inductive List: Set :=
| nil: List
| cons: nat -> List -> List.List is defined
List_rect is defined
List_ind is defined
List_rec is defined
Inductive List: Set :=
| nil: List
| cons: nat -> List -> List.
(**
Coq defines automatically the corresponding induction
principle:
*)
Coq defines automatically the corresponding induction
principle:
Check List_ind.List_ind
: forall P : List -> Prop,
P nil ->
(forall (n : nat) (l : List), P l -> P (cons n l)) ->
forall l : List, P l
Check List_ind.
(**
Hence we can prove properties of lists of natural numbers
by induction. Furthermore, we can define functions with
recursion:
*)
Hence we can prove properties of lists of natural numbers
by induction. Furthermore, we can define functions with
recursion:
(** Length of a list, defined by pattern matching. *)
Length of a list, defined by pattern matching.
Fixpoint Len (L: List) : nat :=
match L with
| nil => O
| cons l ls => S (Len ls)
end.Len is recursively defined (decreasing on 1st argument)
Fixpoint Len (L: List) : nat :=
match L with
| nil => O
| cons l ls => S (Len ls)
end.
(**
Appending two lists.
For recursive definitions to be well-defined one of the
arguments must be decreasing (becoming smaller in the
recursive call to ensure that the recursion will terminate).
If there is more than one parameter we must inform Coq which
one is decreasing by the "struct" keyword.
*)
Appending two lists.
For recursive definitions to be well-defined one of the
arguments must be decreasing (becoming smaller in the
recursive call to ensure that the recursion will terminate).
If there is more than one parameter we must inform Coq which
one is decreasing by the "struct" keyword.
Fixpoint Append (L R: List) {struct L} : List :=
match L with
| nil => R
| cons l ls => cons l (Append ls R)
end.Append is recursively defined (decreasing on 1st argument)
Fixpoint Append (L R: List) {struct L} : List :=
match L with
| nil => R
| cons l ls => cons l (Append ls R)
end.
Print Append.Append =
fix Append (L R : List) : List :=
match L with
| nil => R
| cons l ls => cons l (Append ls R)
end
: List -> List -> List
Print Append.
(** Prove the following: *)
Prove the following:
Lemma Len_nil: Len nil = O.1 subgoal
============================
Len nil = 0
Lemma Len_nil: Len nil = O.
Admitted.Len_nil is assumed
Admitted.
Lemma Len_Append: forall L R: List,
Len (Append L R) = Len L + Len R.1 subgoal
============================
forall L R : List, Len (Append L R) = Len L + Len R
Lemma Len_Append: forall L R: List,
Len (Append L R) = Len L + Len R.
Admitted.Len_Append is assumed
Admitted.
(**
We define a function Reverse that given a list returns
another list with the elements of the first in reverse order
*)
We define a function Reverse that given a list returns
another list with the elements of the first in reverse order
Fixpoint Reverse (L: List) : List :=
match L with
| nil => nil
| cons l ls => Append (Reverse ls) (cons l nil)
end.Reverse is recursively defined (decreasing on 1st argument)
Fixpoint Reverse (L: List) : List :=
match L with
| nil => nil
| cons l ls => Append (Reverse ls) (cons l nil)
end.
Lemma Reverse_nil: Reverse nil = nil.1 subgoal
============================
Reverse nil = nil
Lemma Reverse_nil: Reverse nil = nil.
Admitted.Reverse_nil is assumed
Admitted.
Lemma Reverse_two_elts: forall a b: nat,
Reverse (cons a (cons b nil))= cons b (cons a nil).1 subgoal
============================
forall a b : nat, Reverse (cons a (cons b nil)) = cons b (cons a nil)
Lemma Reverse_two_elts: forall a b: nat,
Reverse (cons a (cons b nil))= cons b (cons a nil).
Admitted.Reverse_two_elts is assumed
Admitted.
(**
In the following lemma you may need to use the commutativity
of plus. This result is present in Coq standard library
together with plenty of other results.
See: http://coq.inria.fr/library-eng.html
Libraries can be loaded using "Require Import" command.
*)
In the following lemma you may need to use the commutativity
of plus. This result is present in Coq standard library
together with plenty of other results.
See: http://coq.inria.fr/library-eng.html
Libraries can be loaded using "Require Import" command.
Require Import Arith.
Require Import Arith.
(**
You can search for all results concerning plus (or any other
definition) with the following command:
*)
You can search for all results concerning plus (or any other
definition) with the following command:
SearchAbout plus.natSRth: semi_ring_theory 0 1 plus mult eq
nat_morph_N:
semi_morph 0 1 plus mult eq BinNat.N0 (BinNat.Npos 1) BinNat.Nplus
BinNat.Nmult Neq_bool Nnat.nat_of_N
natr_ring_lemma1:
forall (n : nat) (l : List.list nat)
(lpe : List.list
(Ring_polynom.PExpr BinNat.N * Ring_polynom.PExpr BinNat.N))
(pe1 pe2 : Ring_polynom.PExpr BinNat.N),
Ring_polynom.interp_PElist 0 plus mult (SRsub plus) SRopp eq Nnat.nat_of_N
id_phi_N (pow_N 1 mult) l lpe ->
(let lmp :=
Ring_polynom.mk_monpol_list BinNat.N0 (BinNat.Npos 1) BinNat.Nplus
BinNat.Nmult BinNat.Nplus (fun x : BinNat.N => x) Neq_bool
ZOdiv_def.Ndiv_eucl lpe in
Ring_polynom.Peq Neq_bool
(Ring_polynom.norm_subst BinNat.N0 (BinNat.Npos 1) BinNat.Nplus
BinNat.Nmult BinNat.Nplus (fun x : BinNat.N => x) Neq_bool
ZOdiv_def.Ndiv_eucl n lmp pe1)
(Ring_polynom.norm_subst BinNat.N0 (BinNat.Npos 1) BinNat.Nplus
BinNat.Nmult BinNat.Nplus (fun x : BinNat.N => x) Neq_bool
ZOdiv_def.Ndiv_eucl n lmp pe2)) = true ->
Ring_polynom.PEeval 0 plus mult (SRsub plus) SRopp Nnat.nat_of_N id_phi_N
(pow_N 1 mult) l pe1 =
Ring_polynom.PEeval 0 plus mult (SRsub plus) SRopp Nnat.nat_of_N id_phi_N
(pow_N 1 mult) l pe2
natr_ring_lemma2:
forall (n : nat)
(lH : List.list
(Ring_polynom.PExpr BinNat.N * Ring_polynom.PExpr BinNat.N))
(l : List.list nat),
Ring_polynom.interp_PElist 0 plus mult (SRsub plus) SRopp eq Nnat.nat_of_N
id_phi_N (pow_N 1 mult) l lH ->
forall
lmp : List.list (BinNat.N * Ring_polynom.Mon * Ring_polynom.Pol BinNat.N),
Ring_polynom.mk_monpol_list BinNat.N0 (BinNat.Npos 1) BinNat.Nplus
BinNat.Nmult BinNat.Nplus (fun x : BinNat.N => x) Neq_bool
ZOdiv_def.Ndiv_eucl lH = lmp ->
forall (pe : Ring_polynom.PExpr BinNat.N) (npe : Ring_polynom.Pol BinNat.N),
Ring_polynom.norm_subst BinNat.N0 (BinNat.Npos 1) BinNat.Nplus BinNat.Nmult
BinNat.Nplus (fun x : BinNat.N => x) Neq_bool ZOdiv_def.Ndiv_eucl n lmp
pe = npe ->
Ring_polynom.PEeval 0 plus mult (SRsub plus) SRopp Nnat.nat_of_N id_phi_N
(pow_N 1 mult) l pe =
Ring_polynom.Pphi_dev 0 1 plus mult (SRsub plus) SRopp BinNat.N0
(BinNat.Npos 1) Neq_bool Nnat.nat_of_N get_sign_None l npe
BinInt.ZL0: 2 = 1 + 1
Div2.double_plus:
forall n m : nat, Div2.double (n + m) = Div2.double n + Div2.double m
Even.even_plus_split:
forall n m : nat,
Even.even (n + m) -> Even.even n /\ Even.even m \/ Even.odd n /\ Even.odd m
Even.odd_plus_split:
forall n m : nat,
Even.odd (n + m) -> Even.odd n /\ Even.even m \/ Even.even n /\ Even.odd m
Even.even_even_plus:
forall n m : nat, Even.even n -> Even.even m -> Even.even (n + m)
Even.odd_plus_l:
forall n m : nat, Even.odd n -> Even.even m -> Even.odd (n + m)
Even.odd_plus_r:
forall n m : nat, Even.even n -> Even.odd m -> Even.odd (n + m)
Even.odd_even_plus:
forall n m : nat, Even.odd n -> Even.odd m -> Even.even (n + m)
Even.even_plus_aux:
forall n m : nat,
(Even.odd (n + m) <->
Even.odd n /\ Even.even m \/ Even.even n /\ Even.odd m) /\
(Even.even (n + m) <->
Even.even n /\ Even.even m \/ Even.odd n /\ Even.odd m)
Even.even_plus_even_inv_r:
forall n m : nat, Even.even (n + m) -> Even.even n -> Even.even m
Even.even_plus_even_inv_l:
forall n m : nat, Even.even (n + m) -> Even.even m -> Even.even n
Even.even_plus_odd_inv_r:
forall n m : nat, Even.even (n + m) -> Even.odd n -> Even.odd m
Even.even_plus_odd_inv_l:
forall n m : nat, Even.even (n + m) -> Even.odd m -> Even.odd n
Even.odd_plus_even_inv_l:
forall n m : nat, Even.odd (n + m) -> Even.odd m -> Even.even n
Even.odd_plus_even_inv_r:
forall n m : nat, Even.odd (n + m) -> Even.odd n -> Even.even m
Even.odd_plus_odd_inv_l:
forall n m : nat, Even.odd (n + m) -> Even.even m -> Even.odd n
Even.odd_plus_odd_inv_r:
forall n m : nat, Even.odd (n + m) -> Even.even n -> Even.odd m
plus_gt_reg_l: forall n m p : nat, p + n > p + m -> n > m
plus_gt_compat_l: forall n m p : nat, n > m -> p + n > p + m
List.app_length:
forall (A : Type) (l l' : List.list A),
List.length (List.app l l') = List.length l + List.length l'
List.seq_nth:
forall len start n d : nat,
n < len -> List.nth n (List.seq start len) d = start + n
minus_plus_simpl_l_reverse: forall n m p : nat, n - m = p + n - (p + m)
plus_minus: forall n m p : nat, n = m + p -> p = n - m
minus_plus: forall n m : nat, n + m - n = m
le_plus_minus: forall n m : nat, n <= m -> m = n + (m - n)
le_plus_minus_r: forall n m : nat, n <= m -> n + (m - n) = m
mult_plus_distr_r: forall n m p : nat, (n + m) * p = n * p + m * p
mult_plus_distr_l: forall n m p : nat, n * (m + p) = n * m + n * p
mult_succ_l: forall n m : nat, S n * m = n * m + m
mult_succ_r: forall n m : nat, n * S m = n * m + n
odd_even_lem: forall p q : nat, 2 * p + 1 <> 2 * q
mult_acc_aux: forall n m p : nat, m + n * p = mult_acc m p n
Nnat.nat_of_Nplus:
forall a a' : BinNat.N,
Nnat.nat_of_N (BinNat.Nplus a a') = Nnat.nat_of_N a + Nnat.nat_of_N a'
Nnat.N_of_plus:
forall n n' : nat,
Nnat.N_of_nat (n + n') = BinNat.Nplus (Nnat.N_of_nat n) (Nnat.N_of_nat n')
plus_n_O: forall n : nat, n = n + 0
plus_O_n: forall n : nat, 0 + n = n
plus_n_Sm: forall n m : nat, S (n + m) = n + S m
plus_Sn_m: forall n m : nat, S n + m = S (n + m)
mult_n_Sm: forall n m : nat, n * m + n = n * S m
plus_0_l: forall n : nat, 0 + n = n
plus_0_r: forall n : nat, n + 0 = n
plus_comm: forall n m : nat, n + m = m + n
plus_Snm_nSm: forall n m : nat, S n + m = n + S m
plus_assoc: forall n m p : nat, n + (m + p) = n + m + p
plus_permute: forall n m p : nat, n + (m + p) = m + (n + p)
plus_assoc_reverse: forall n m p : nat, n + m + p = n + (m + p)
plus_reg_l: forall n m p : nat, p + n = p + m -> n = m
plus_le_reg_l: forall n m p : nat, p + n <= p + m -> n <= m
plus_lt_reg_l: forall n m p : nat, p + n < p + m -> n < m
plus_le_compat_l: forall n m p : nat, n <= m -> p + n <= p + m
plus_le_compat_r: forall n m p : nat, n <= m -> n + p <= m + p
le_plus_l: forall n m : nat, n <= n + m
le_plus_r: forall n m : nat, m <= n + m
le_plus_trans: forall n m p : nat, n <= m -> n <= m + p
lt_plus_trans: forall n m p : nat, n < m -> n < m + p
plus_lt_compat_l: forall n m p : nat, n < m -> p + n < p + m
plus_lt_compat_r: forall n m p : nat, n < m -> n + p < m + p
plus_le_compat: forall n m p q : nat, n <= m -> p <= q -> n + p <= m + q
plus_le_lt_compat: forall n m p q : nat, n <= m -> p < q -> n + p < m + q
plus_lt_le_compat: forall n m p q : nat, n < m -> p <= q -> n + p < m + q
plus_lt_compat: forall n m p q : nat, n < m -> p < q -> n + p < m + q
plus_is_O: forall n m : nat, n + m = 0 -> n = 0 /\ m = 0
plus_is_one:
forall m n : nat, m + n = 1 -> {m = 0 /\ n = 1} + {m = 1 /\ n = 0}
plus_permute_2_in_4: forall n m p q : nat, n + m + (p + q) = n + p + (m + q)
plus_tail_plus: forall n m : nat, n + m = tail_plus n m
succ_plus_discr: forall n m : nat, n <> S (m + n)
Pnat.Pmult_nat_succ_morphism:
forall (p : BinPos.positive) (n : nat),
BinPos.Pmult_nat (BinPos.Psucc p) n = n + BinPos.Pmult_nat p n
Pnat.Pmult_nat_plus_carry_morphism:
forall (p q : BinPos.positive) (n : nat),
BinPos.Pmult_nat (BinPos.Pplus_carry p q) n =
n + BinPos.Pmult_nat (BinPos.Pplus p q) n
Pnat.Pmult_nat_l_plus_morphism:
forall (p q : BinPos.positive) (n : nat),
BinPos.Pmult_nat (BinPos.Pplus p q) n =
BinPos.Pmult_nat p n + BinPos.Pmult_nat q n
Pnat.nat_of_P_plus_morphism:
forall p q : BinPos.positive,
BinPos.nat_of_P (BinPos.Pplus p q) = BinPos.nat_of_P p + BinPos.nat_of_P q
Pnat.Pmult_nat_r_plus_morphism:
forall (p : BinPos.positive) (n : nat),
BinPos.Pmult_nat p (n + n) = BinPos.Pmult_nat p n + BinPos.Pmult_nat p n
Pnat.ZL6:
forall p : BinPos.positive,
BinPos.Pmult_nat p 2 = BinPos.nat_of_P p + BinPos.nat_of_P p
Pnat.ZL7: forall n m : nat, n < m -> n + n < m + m
Pnat.ZL8: forall n m : nat, n < m -> S (n + n) < m + m
Pnat.ZL3:
forall n : nat,
BinPos.Psucc (BinPos.P_of_succ_nat (n + n)) =
BinPos.xO (BinPos.P_of_succ_nat n)
Pnat.ZL5:
forall n : nat,
BinPos.P_of_succ_nat (S n + S n) = BinPos.xI (BinPos.P_of_succ_nat n)
iter_nat_plus:
forall (n m : nat) (A : Type) (f : A -> A) (x : A),
iter_nat (n + m) A f x = iter_nat n A f (iter_nat m A f x)
Zabs.Zabs_nat_Zplus:
forall x y : BinInt.Z,
BinInt.Zle 0 x ->
BinInt.Zle 0 y ->
BinInt.Zabs_nat (BinInt.Zplus x y) = BinInt.Zabs_nat x + BinInt.Zabs_nat y
Znat.inj_plus:
forall n m : nat,
BinInt.Z_of_nat (n + m) =
BinInt.Zplus (BinInt.Z_of_nat n) (BinInt.Z_of_nat m)
Len_Append: forall L R : List, Len (Append L R) = Len L + Len R
SearchAbout plus.
(**
The lemma stating commutativity of plus is called "plus_comm"
*)
The lemma stating commutativity of plus is called "plus_comm"
Check plus_comm.plus_comm
: forall n m : nat, n + m = m + n
Check plus_comm.
(**
Prove that Reverse returns a list of the same size as
its argument
*)
Prove that Reverse returns a list of the same size as
its argument
Lemma Reverse_Len: forall L: List, Len (Reverse L) = Len L.1 subgoal
============================
forall L : List, Len (Reverse L) = Len L
Lemma Reverse_Len: forall L: List, Len (Reverse L) = Len L.
Admitted.Reverse_Len is assumed
Admitted.
(**
Prove that if we apply Reverse two times we get back the
original list. For that you may need a number of auxiliary
lemmas, like: associativity of Append
*)
Prove that if we apply Reverse two times we get back the
original list. For that you may need a number of auxiliary
lemmas, like: associativity of Append
Lemma Append_assoc: forall L R T: List,
Append (Append L R) T = Append L (Append R T).1 subgoal
============================
forall L R T : List, Append (Append L R) T = Append L (Append R T)
Lemma Append_assoc: forall L R T: List,
Append (Append L R) T = Append L (Append R T).
Admitted.Append_assoc is assumed
Admitted.
(**
... appending with an empty list as second argument
*)
... appending with an empty list as second argument
Lemma Append_nil: forall L: List, Append L nil = L.1 subgoal
============================
forall L : List, Append L nil = L
Lemma Append_nil: forall L: List, Append L nil = L.
Admitted.Append_nil is assumed
Admitted.
(**
... and distributivity of Reverse with Append
*)
... and distributivity of Reverse with Append
Lemma Reverse_Append: forall L R: List,
Reverse (Append L R) = Append (Reverse R) (Reverse L).1 subgoal
============================
forall L R : List, Reverse (Append L R) = Append (Reverse R) (Reverse L)
Lemma Reverse_Append: forall L R: List,
Reverse (Append L R) = Append (Reverse R) (Reverse L).
Admitted.Reverse_Append is assumed
Admitted.
(**
Finally: double Reverse
*)
Finally: double Reverse
Lemma Reverse_twice: forall L: List, L = Reverse (Reverse L).1 subgoal
============================
forall L : List, L = Reverse (Reverse L)
Lemma Reverse_twice: forall L: List, L = Reverse (Reverse L).
Admitted.Reverse_twice is assumed
Admitted.
(* ###################################################################### *)
(** * Naive Set Theory *)
(** *** Exercise 8. (naive set representation) *)
Exercise 8. (naive set representation)
(**
Introduce a variable U of type Set.:
*)
Introduce a variable U of type Set.:
Variable U: Set.U is assumed
Variable U: Set.
(**
We can think of the predicates on "U" as sets, i.e. "U" is the
'universe' of all objects and a set is a predicate that describes
which of the elements of the universe belong to it. If "A" is of
type "U -> Prop" then "A" can be seen as the set {x:U | A(x)},
the elements of U for which the predicate holds. Hence we define
*)
We can think of the predicates on "U" as sets, i.e. "U" is the
'universe' of all objects and a set is a predicate that describes
which of the elements of the universe belong to it. If "A" is of
type "U -> Prop" then "A" can be seen as the set {x:U | A(x)},
the elements of U for which the predicate holds. Hence we define
Definition SET := U -> Prop.SET is defined
Definition SET := U -> Prop.
(**
If "A: SET" and "x: U" then "A x" means `x is an element of A'.
*)
If "A: SET" and "x: U" then "A x" means `x is an element of A'.
(** 1. Define the subset relation on SET. *)
1. Define the subset relation on SET.
Definition subset (P Q: SET) := forall x: U, P x -> Q x.subset is defined
Definition subset (P Q: SET) := forall x: U, P x -> Q x.
Check subset.subset
: SET -> SET -> Prop
Check subset.
(** 2. Prove that subset is reflexive and transitive *)
2. Prove that subset is reflexive and transitive
Lemma subset_refl: forall A: SET, subset A A.1 subgoal
============================
forall A : SET, subset A A
Lemma subset_refl: forall A: SET, subset A A.
Admitted.subset_refl is assumed
Admitted.
Lemma subset_trans: forall A B C: SET,
subset A B -> subset B C -> subset A C.1 subgoal
============================
forall A B C : SET, subset A B -> subset B C -> subset A C
Lemma subset_trans: forall A B C: SET,
subset A B -> subset B C -> subset A C.
Admitted.subset_trans is assumed
Admitted.
(**
3. Using subset, define equality, union and intersection of
SETs. Note that "/\" is Coq notation for conjunction and "\/"
for disjunction.
*)
3. Using subset, define equality, union and intersection of
SETs. Note that "/\" is Coq notation for conjunction and "\/"
for disjunction.
Definition eq_set (A B: SET) := subset A B /\ subset B A.eq_set is defined
Definition eq_set (A B: SET) := subset A B /\ subset B A.
Definition union (A B: SET) := fun x:U => A x \/ B x.union is defined
Definition union (A B: SET) := fun x:U => A x \/ B x.
Definition intersection (A B: SET) := fun x:U => A x /\ B x.intersection is defined
Definition intersection (A B: SET) := fun x:U => A x /\ B x.
(** 4. Prove *)
4. Prove
Lemma intersection_subset: forall A B: SET,
subset (intersection A B) A.1 subgoal
============================
forall A B : SET, subset (intersection A B) A
Lemma intersection_subset: forall A B: SET,
subset (intersection A B) A.
Admitted.intersection_subset is assumed
Admitted.
Lemma subset_union: forall A B: SET,
subset A (union A B).1 subgoal
============================
forall A B : SET, subset A (union A B)
Lemma subset_union: forall A B: SET,
subset A (union A B).
Admitted.subset_union is assumed
Admitted.
Lemma union_double: forall A: SET, eq_set (union A A) A.1 subgoal
============================
forall A : SET, eq_set (union A A) A
Lemma union_double: forall A: SET, eq_set (union A A) A.
Admitted.union_double is assumed
Admitted.
(**
5. Define the empty set and prove that it is a subset of every
other SET.
*)
5. Define the empty set and prove that it is a subset of every
other SET.
Definition empty := fun x:U => False.empty is defined
Definition empty := fun x:U => False.
Lemma empty_subset: forall A: SET, subset empty A.1 subgoal
============================
forall A : SET, subset empty A
Lemma empty_subset: forall A: SET, subset empty A.
Admitted.empty_subset is assumed
Admitted.