coq

问题 I'm experimenting with the Coq field module trying to prove the following simple identity directly from field axioms: forall v, 0v == v . I saw that both 0 and == have existing notations, so I tried this (but failed): (***********) (* IMPORTS *) (***********) Require Import Coq.setoid_ring.Field_theory. (*********************) (* forall v, 0v == v *) (*********************) Lemma mul_0_l: forall v, ("0" * v "==" "0")%R_scope. Proof. I got this error message: Unknown scope delimiting key R

问题 If I have the following line: Definition Foo : Set := list nat. then I compile with no problems. However, suppose I want to do the same with Coq.Lists.ListSet , a library representing finite sets as lists: (*Section first_definitions. Variable A : Type. Definition listset := list A.*) Definition Bar : Set := listset nat. I get the following error: The term "listset nat" has type "Type" while it is expected to have type "Set" (universe inconsistency). Is there a way to "cast" listset so that

问题 For using reflexivity , I must somehow transform n + 1 to (S n) . This should be a rather simple transformation, but I don't know how to tell Coq to do it. How do I proceed? 回答1: Since they are not equal, just equivalent, you can use replace (n + 1) with (S n) which will ask you to prove that fact. Or you can use rewrite with the correct lemma from the std lib, which is add_1_r iirc. 来源： https://stackoverflow.com/questions/40614082/coq-how-do-i-replace-terms-like-n-1-with-s-n

问题 I am trying to install one of the coq user contrib libraries (MathClasses). After some googling, I found what seems to be a central git repository at the Coq website, https://gforge.inria.fr/git/coq-contribs/. Following the README file there, I tried to get the source code by: git clone git+ssh://scm.gforge.inria.fr/git/coq-contribs/coq-contribs.git But I get an error: Cloning into 'coq-contribs'... ssh: connect to host gforge.inria.fr port 22: Connection refused fatal: Could not read from

问题 I read in a few tutorials that if a then b else c stands for match a with true => b | false => c end . However the former very strangely does not check the type of a , while the latter of course makes sure that a is a boolean. For instance, Coq < Check if nil then 1 else 2. if nil then 1 else 2 : nat where ?A : [ |- Type] Coq < Check match nil with true => 1 | false => 2 end. Toplevel input, characters 33-38: > Check match nil with true => 1 | false => 2 end. > ^^^^^ Error: Found a

问题 How can I prove termination for size_prgm ? I tried, but can't come up with a well founded relation to pass to Fix . Inductive Stmt : Set := | assign: Stmt | if': (list Stmt) -> (list Stmt) -> Stmt. Fixpoint size_prgm (p: list Stmt) : nat := match p with | nil => 0 | s::t => size_prgm t + match s with | assign => 1 | if' b0 b1 => S (size_prgm b0 + size_prgm b1) end end. 回答1: The termination oracle is quite better than what it used to be. Defining a function sum_with using fold_left and

问题 I am trying to define a relatively simple function on Coq: (* Preliminaries *) Require Import Vector. Definition Vnth {A:Type} {n} (v : Vector.t A n) : forall i, i < n -> A. admit. Defined. (* Problematic definition below *) Definition VnthIndexMapped {A:Type} {i o:nat} (x: Vector.t (option A) i) (f': nat -> option nat) (f'_spec: forall x, x<o -> (forall z,(((f' x) = Some z) -> z < i)) \/ (f' x = None)) (n:nat) (np: n<o) : option A := match (f' n) as fn, (f'_spec n np) return f' n = fn ->

问题 destruct can be used to split and , or in Coq. But it seems can also be used in implication? For example, I want to prove ~~(~~P -> P) Lemma test P : ~~(~~P -> P). Proof. unfold not. intro pffpf. apply pffpf. intro pff. destruct pff. intro p. apply pffpf. intro pff. exact p. Qed. when destruct pff. it works fine, but I don't know why? Can anyone explain it for me? 回答1: The destruct tactic works on implications if the conclusion of the implication is of inductive (or co-inductive) type. Hence

问题 I want to set Coq up, without redefining the : with a notation (and without a plugin, and without replacing the standard library or redefining the constants I'm using---no cheating like that), so that I have something like a partial coercion from option nat to nat , which is defined only on Some _ . In particular, I want Eval compute in Some 0 : nat. to evaluate to 0 , and I want Check None : nat. to raise an error. The closest I've managed is the ability to do this with two : s: Definition

问题 I have a type defined as Inductive bits : nat -> Set := | bitsNil : bits 0 | bitsCons : forall {l}, bool -> bits l -> bits (S l). and I'm trying to prove: Lemma emptyIsAlwaysNil : forall {a: bits 0}, a = bitsNil. After intros , I've tried constructor 1 , case a , intuition , to no avail. case a seems like the closest, but it gets an error: Abstracting over the terms "0" and "a" leads to a term fun (n : nat) (a0 : bits n) => a0 = bitsNil which is ill-typed. Reason is: Illegal application: The