coq

Is Z.le as defined in the standard library proof irrelevant?

对着背影说爱祢 submitted on 2019-12-10 20:16:41
Question: In the Coq standard library, there is an enumerated type called comparison with three elements Eq, Lt, Gt. This is used to define the less-than or less-than-or-equal operators in ZArith: m < n is defined as m ?= n = Lt and m <= n is defined as m ?= n <> Gt. By virtue of Hedberg's theorem (UIP_dec in the standard library) I can prove that < is proof-irrelevant, but I run into issues when it comes to <=, since it is defined negatively. I find this particularly annoying, since if <= were

Wellfounded induction in CoQ

冷暖自知 submitted on 2019-12-10 20:04:49
Question: Let's say that I know certain natural numbers are good. I know 1 is good, if n is good then 3n is, and if n is good then n+5 is, and those are the only ways of constructing good numbers. It seems to me that the adequate formalization of this in Coq is Inductive good : nat -> Prop := | g1 : good 1 | g3 : forall n, good n -> good (n * 3) | g5 : forall n, good n -> good (n + 5). However, despite being obvious, the fact that 0 is not good seems not to be provable using this definition (because when

COQ identity term which is not eq_refl

女生的网名这么多〃 submitted on 2019-12-10 19:24:54
Question: I am still wondering what it means that a term of the equality type eq in COQ can be different from eq_refl. Is the following term an example for this? ((fun x:nat => eq_refl x) 2). This term is syntactically different from eq_refl, but nevertheless it computes to eq_refl. Do there exist examples of terms which do not compute to eq_refl? P.S. It's not a homework question ;-) Answer 1: As you point out, (fun x => eq_refl x) 2 is not actually different from eq_refl 2, since both expressions

Pigeonhole proof without decidable equality or excluded middle

你离开我真会死。 submitted on 2019-12-10 19:12:32
Question: In Software Foundations IndProp.v one is asked to prove the pigeonhole principle, and one may use excluded middle, but it is mentioned that it is not strictly necessary. I've been trying to prove it without EM, but my brain seems to be wired classically. Q: How would one prove the theorem without using excluded middle? How should one generally approach proofs for types without decidable equality, where one can't easily reason by cases? I'd be very happy for a complete proof to look at, but

Stronger completeness axiom for real numbers in Coq

我们两清 submitted on 2019-12-10 18:49:46
Question: Here is the completeness axiom defined in the Coq standard library. Definition is_upper_bound (E:R -> Prop) (m:R) := forall x:R, E x -> x <= m. Definition bound (E:R -> Prop) := exists m : R, is_upper_bound E m. Definition is_lub (E:R -> Prop) (m:R) := is_upper_bound E m /\ (forall b:R, is_upper_bound E b -> m <= b). Axiom completeness : forall E:R -> Prop, bound E -> (exists x : R, E x) -> { m:R | is_lub E m }. Suppose I add in Axiom supremum :forall E:R -> Prop, (exists l : R,is_upper_bound

“Collapsing” state in a functional map?

喜你入骨 submitted on 2019-12-10 18:28:23
Question: This question is inspired by Software Foundations, but isn't about an exercise. That I know about, so far. The Imp chapter ("Simple Imperative Programs") uses functional maps (from the Maps chapter ("Total and Partial Maps")) for the environment of the simpl.[1] programming language. Inductive id : Type := | Id : string -> id. Definition total_map (A:Type) := id -> A. Definition t_empty {A:Type} (v : A) : total_map A := (fun _ => v). Definition t_update {A:Type} (m : total_map A) (x : id) (v

what does the colon greater than sign mean in coq

浪尽此生 submitted on 2019-12-10 17:25:29
Question: For example Record posreal : Type := mkposreal {pos :> R; cond_pos : 0 < pos}. What does the ":>" mean? I hope this isn't a duplicate, but a symbol is hard to search for. Answer 1: In this particular case it inserts a Coercion from the posreal record to its field pos. This means you can use a posreal for an R in most cases. Try: Definition idR (x : R) := x. Variable (r : posreal). Compute (idR r). See https://coq.inria.fr/refman/Reference-Manual021.html#Coercions-and-records Source: https:/

How can I rewrite “+ 1” (plus one) to “S” (succ) in Coq?

南笙酒味 submitted on 2019-12-10 17:13:11
Question: I have the following Lemma with an incomplete proof: Lemma (s_is_plus_one : forall n:nat, S n = n + 1). Proof. intros. reflexivity. Qed. This proof fails with Unable to unify "n + 1" with "S n". It seems like eq_S would be the way to prove this, but I can't apply it (it doesn't recognize n + 1 as S n: Error: Unable to find an instance for the variable y.). I've also tried ring, but it can't find a relation. When I use rewrite, it just reduces to the same final goal. How can I finish this

Why does constructor take such a long time here?

落花浮王杯 submitted on 2019-12-10 16:07:21
Question: Consider the following code: Inductive Even : nat -> Prop := | EO : Even O | ESS : forall n, Even n -> Even (S (S n)). Fixpoint is_even_prop (n : nat) : Prop := match n with | O => True | S O => False | S (S n) => is_even_prop n end. Theorem is_even_prop_correct : forall n, is_even_prop n -> Even n. Admitted. Example Even_5000 : Even 5000. Proof. apply is_even_prop_correct. Time constructor. (* ~0.45 secs *) Undo. Time (constructor 1). (* ~0.25 secs *) Undo. (* The documentation for

coq: elimination of forall quantifier

浪尽此生 submitted on 2019-12-10 15:54:02
Question: I want to prove the following theorem: Theorem Frobenius (A: Set) (q: Prop) (p: A -> Prop) : (q \/ forall x : A, p x) -> (forall x : A, q \/ p x). I already got the following piece of the proof: Proof. intro. intro. destruct H. left. assumption. But now I am in a situation I don't know what to do. The following things are at my disposal: A : Set q : Prop p : A -> Prop H : forall x : A, p x x : A And I would like to prove the following subgoal: q \/ p x How can I eliminate the forall