coq

Coq: a single notation for multiple constructors

两盒软妹~` submitted on 2019-12-07 11:49:47
Question: Is it possible to define a single notation for multiple constructors in Coq? If the constructors differ by their argument types, they might be inferrable from them. A minimal (non-)working example: Inductive A : Set := a | b | c: C -> A | d: D -> A with C: Set := c1 | c2 with D: Set := d1 | d2. Notation "' x" := (_ x) (at level 19). Check 'c1. (*?6 c1 : ?8*) In this case, constructor inference doesn't work. Maybe there's another way to specify a constructor as a variable? Answer 1: You can create

Proof by case analysis in Coq

扶醉桌前 submitted on 2019-12-07 10:05:38
Question: I am trying to prove a Proposition about the following function: Program Fixpoint division (m:nat) (n:nat) {measure m} : nat := match lt_nat 0 n with | false => 0 | true => match leq_nat n m with | false => 0 | true => S (division (menos m n) n) end end. menos is natural subtraction. I am trying to prove some fact involving division. I wrote down an informal proof where I first consider a case analysis in lt_nat 0 n and then in the case when lt_nat is true a further case analysis in leq_nat n

Coq - Induction over functions without losing information

北战南征 submitted on 2019-12-07 09:59:39
Question: I'm having some trouble in Coq when trying to perform case analysis on the result of a function (which returns an inductive type). When using the usual tactics, like elim, induction, destroy, etc., the information gets lost. I'll put an example: We first have a function like so: Definition f(n:nat): bool := (* definition *) Now, imagine we are at this step in the proof of a specific theorem: n: nat H: f n = other_stuff ------ P (f n ) When I apply a tactic, like let's say, induction (f n)

Coq: keeping information in a match statement

梦想的初衷 submitted on 2019-12-07 09:41:26
Question: I'm building a recursive function that does a match on a list l. In the cons branch I need to use the information that l = cons a l' in order to prove that the recursive function terminates. However, when I use match l the information gets lost. How can I use match to keep the information? Here is the function (drop and drop_lemma_le are given at the end, for readability): Fixpoint picksome (l:list nat) (H : Acc lt (length l)) {struct H}: list nat. refine ( match l with nil => nil | cons a

Coq induction start at specific nat

故事扮演 submitted on 2019-12-07 09:13:34
Question: I'm trying to learn coq so please assume I know nothing about it. If I have a lemma in coq that starts forall n m:nat, n>=1 -> m>=1 ... And I want to proceed by induction on n. How do I start the induction at 1? Currently when I use the "induction n." tactic it starts at zero and this makes the base statement false which makes it hard to proceed. Any hints? Answer 1: The following is a proof that every proposition P is true forall n>=1, if P is true for 1 and if P is inductively true. Require

Implementing vector addition in Coq

最后都变了- submitted on 2019-12-07 07:56:44
Question: Implementing vector addition in some of the dependently typed languages (such as Idris) is fairly straightforward. As per the example on Wikipedia: import Data.Vect %default total pairAdd : Num a => Vect n a -> Vect n a -> Vect n a pairAdd Nil Nil = Nil pairAdd (x :: xs) (y :: ys) = x + y :: pairAdd xs ys (Note how Idris' totality checker automatically infers that addition of Nil and non-Nil vectors is a logical impossibility.) I am trying to implement the equivalent functionality in Coq,

Proofs' role in Coq extractions

天大地大妈咪最大 submitted on 2019-12-07 01:48:45
Question: I'm trying to understand what is the role of proofs in Coq extractions. I have the following example of floor integer division by two taken from here. For my first try I used the Admitted keyword: (*********************) (* div_2_even_number *) (*********************) Definition div_2_even_number: forall n, (Nat.Even n) -> {p:nat | n=p+p}. Proof. Admitted. (*************) (* test_even *) (*************) Definition test_even: forall n, {Nat.Even n}+{Nat.Even (pred n)}. Proof. Admitted. (******

Handling let in hypothesis

生来就可爱ヽ(ⅴ<●) submitted on 2019-12-07 01:24:38
Question: As an exercise in Coq, I'm trying to prove that the following function returns a pair of lists of equal length. Require Import List. Fixpoint split (A B:Set)(x:list (A*B)) : (list A)*(list B) := match x with |nil => (nil, nil) |cons (a,b) x1 => let (ta, tb) := split A B x1 in (a::ta, b::tb) end. Theorem split_eq_len : forall (A B:Set)(x:list (A*B))(y:list A)(z:list B),(split A B x)=(y,z) -> length y = length z. Proof. intros A B x. elim x. simpl. intros y z. intros H. injection H. intros H1

Impredicative polymorphism in F#

北城以北 submitted on 2019-12-06 18:55:45
Question: OCaml's Hindley-Milner type system does not allow for impredicative polymorphism (à la System-F), except through a somewhat recent extension for record types. The same applies to F#. It however is sometimes desirable to translate programs written with impredicative polymorphism (e.g. Coq) into such languages. The solution for Coq's extractor to OCaml is to (sparingly) use Obj.magic, which is a kind of universal unsafe cast. This works because in OCaml's runtime system, all values have the

Lexicographical comparison of tuples of nats

[亡魂溺海] submitted on 2019-12-06 18:43:30
I'm working with tuples of nats (specifically triples, nat*nat*nat) and would like a way to lexicographically compare tuples. Something equivalent to this: Inductive lt3 : nat*nat*nat -> nat*nat*nat -> Prop := | lt3_1 : forall n1 n2 n3 m1 m2 m3, n1 < m1 -> lt3 (n1,n2,n3) (m1,m2,m3) | lt3_2 : forall n1 n2 n3 m2 m3, n2 < m2 -> lt3 (n1,n2,n3) (n1,m2,m3) | lt3_3 : forall n1 n2 n3 m3, n3 < m3 -> lt3 (n1,n2,n3) (n1,n2,m3). I would like to have proofs of basic properties such as transitivity and well-foundedness. Are there things in the standard library that do most of the work? If not, I'm most