coq

问题 I have the following during a proof, in which I need to replace normal_form step t with value t as there is a proven theorem that there are equivalent. H1 : t1 ==>* t1' /\ normal_form step t1' t2' : tm H2 : t2 ==>* t2' /\ normal_form step t2' ______________________________________(1/1) exists t' : tm, P t1 t2 ==>* t' /\ normal_form step t' The equivalence theorem is: Theorem nf_same_as_value : forall t : tm, normal_form step t <-> value t Now, I can use this theorem to rewrite normal_form

问题 $ coqtop -nois Welcome to Coq 8.7.0 (October 2017) Coq < Ltac i := idtac. Toplevel input, characters 0-4: > Ltac i := idtac. > ^^^^ Error: Syntax error: illegal begin of vernac. I am redeveloping "Coq.Init.Prelude" and "HoTT.Basics.Overture" under "coqtop -nois" for pratice. I find it hard to write expressions directly. That's why I want to use tactics. I wonder why I can not use "Ltac". 回答1: Ltac is now provided as a plugin, which you’ll need to load to use: Declare ML Module "ltac_plugin".

问题 I'm trying to learn Coq, but I find it hard to make the leap from what I read in Software Foundations and Certified Programming with Dependent Types to my own use cases. In particular, I thought I'd try to make a verified version of the nth function on lists. I managed to write this: Require Import Arith. Require Import List. Import ListNotations. Lemma zltz: 0 < 0 -> False. Proof. intros. contradict H. apply Lt.lt_irrefl. Qed. Lemma nltz: forall n: nat, n < 0 -> False. Proof. intros.

问题 In Coq I can define a Church encoding for lists of length n: Definition listn (A : Type) : nat -> Type := fun m => forall (X : nat -> Type), X 0 -> (forall m, A -> X m -> X (S m)) -> X m. Definition niln (A : Type) : listn A 0 := fun X n c => n. Definition consn (A : Type) (m : nat) (a : A) (l : listn A m) : listn A (S m) := fun X n c => c m a (l X n c). Is the type system of Haskell (including its extensions) strong enough to accommodate such definitions? If yes, how? 回答1: Sure it is: {-#

问题 Adding Axioms to COQ often makes proofs easier but also introduces some side effects. For instance, by using the classical axiom one leaves the intuitionistic realm and proofs are no longer computable. My question is, what is the downside of using the functional extensionality axiom? 回答1: For me, the drawbacks of using functional extensionality are more or less the same as using any other axiom in Coq: it increases the complexity of the system and how much we need to trust. Although in theory

问题 i'm using CoqIDE_8.4pl5 on mac os X. This error message pops up when CoqIDE forwards to this command: Require Import Basics. Error: Compiled library Basics.vo makes inconsistent assumptions over library Coq.Init.Notations I didn't get this problem on my old Macbook Air when i was using CoqIDE_8.4pl5, but when i got a new macbook pro, and i downloaded it again from the same website. But this time on this macbook pro, i used brew cask install coq to get it installed... but it seemed to not work

问题 I noticed that in Coq's definition of rationals the inverse of zero is defined to zero. (Usually, division by zero is not well-defined/legal/allowed.) Require Import QArith. Lemma inv_zero_is_zero: (/ 0) == 0. Proof. unfold Qeq. reflexivity. Qed. Why is it so? Could it cause problems in calculations with rationals, or is it safe? 回答1: The short answer is: yes, it is absolutely safe. When we say that division by zero is not well-defined, what we actually mean is that zero doesn't have a

问题 As there are non-Turing complete languages out there, and given I didn't study Comp Sci at university, could someone explain something that a Turing-incomplete language (like Coq) cannot do? Or is the completeness/incompleteness of no real practical interest (i.e. does it not make much difference in practice)? EDIT - I'm looking for an answer along the lines of you cannot build a hash table in a non-Turing complete language due to X , or something like that! 回答1: First, I assume you've

问题 I am completely new to coq programming and unable to prove below theorem. I need help on steps how to solve below construct? Theorem PeirceContra: forall (p q:Prop), ~p->~((p ->q) ->p). I tried the proof below way. Given axiom as Axiom classic : forall P:Prop, P \/ ~ P. Theorem PeirceContra: forall (p q:Prop), ~ p -> ~((p -> q) -> p). Proof. unfold not. intros. apply H. destruct (classic p) as [ p_true | p_not_true]. - apply p_true. - elimtype False. apply H. Qed. Getting subgoal after using

问题 I'm writing a toy language where nodes in the AST can have any number of children ( Num has 0, Arrow has 2, etc). You might call these operators. Additionally, exactly one node in the AST might be "focused". We index the data type with Z if it has a focus, or H if it doesn't. I need advice on a few parts of the code. Hopefully it's alright to ask all of these at once, since they're related. How would you define the type of internal nodes with one focus, InternalZ ? Right now I say "we have S