coq

While trying to create an Ltac definition that loops over a variable-length argument list, I encountered the following unexpected behavior on Coq 8.4pl2. Can anyone explain it to me? Ltac ltac_loop X := match X with | 0 => idtac "done" | _ => (fun Y => idtac "hello"; ltac_loop Y) end. Goal True. ltac_loop 0. (* prints "done" as expected *) ltac_loop 1 0. (* prints "hello" then "done" as expected *) ltac_loop 1 1 0. (* unexpectedly yields "Error: Illegal tactic application." *) Let's expand the last invocation of ltac_loop to see what's happening: ltac_loop 1 1 0 -> (fun Y => idtac "hello";

When I use Function to define a non-structurally recursive function in Coq, the resulting object behaves strangely when a specific computation is asked. Indeed, instead of giving directly the result, the Eval compute in ... directive return a rather long (typically 170 000 lines) expression. It seems that Coq cannot evaluate everything, and therefore returns a simplified (but long) expression instead of just a value. The problem seems to come from the way I prove the obligations generated by Function . First, I thought the problem came from the opaque terms I used, and I converted all the

We have a function that inserts an element into a specific index of a list. Fixpoint inject_into {A} (x : A) (l : list A) (n : nat) : option (list A) := match n, l with | 0, _ => Some (x :: l) | S k, [] => None | S k, h :: t => let kwa := inject_into x t k in match kwa with | None => None | Some l' => Some (h :: l') end end. The following property of the aforementioned function is of relevance to the problem (proof omitted, straightforward induction on l with n not being fixed): Theorem inject_correct_index : forall A x (l : list A) n, n <= length l -> exists l', inject_into x l n = Some l'.

I'm trying to define the game inductive type for combinatorial games. I want a comparison method which tells if two games are lessOrEq , greatOrEq , lessOrConf or greatOrConf . Then I can check if two games are equal if they are both lessOrEq and greatOrEq . But when I try defining the mutually recursive methods for making this check, I get: Error: Cannot guess decreasing argument of fix . I think this is because only one game or the other decreases in size with each recursive call (but not both). How can I indicate this to Coq? Here's my code. The part that fails is the mutually recursive

What I am looking for is an auto -like tactic that can prove simple equalities like: 1/2 = 2/4 So far, what I've tried manually is to use ring_simplify and field_simplify to prove equalities. Even this doesn't work out well (Coq 8.5b3). The example below works: Require Export Coq.Reals.RIneq. Local Open Scope Z_scope. Local Open Scope R_scope. Example test2: 1 = 1 / 1. Proof. field_simplify. field_simplify. reflexivity. Qed. But it was necessary to use field_simplfy twice before reflexivity . The first field_simplfiy gives me: 1 subgoal ______________________________________(1/1) 1 / 1 = 1 / 1

I'm trying to prove simple field properties directly from the field's axioms. After some experiments with Coq's native field support ( like this one ) I decided it's better to simply write down the 10 axioms and make it self contained. I encountered a difficulty when I needed to use rewrite with my own == operator which naturally did not work. I realize I have to add some axioms that my == is reflexive, symmetrical and transitive, but I wondered if that is all it takes? or maybe there is an even easier way to use rewrite with a user defined == ? Here is my Coq code: Variable (F:Type). Variable

I can define the following inductive type: Inductive T : Type -> Type := | c1 : forall (A : Type), A -> T A | c2 : T unit. But then the command Check (c1 (T nat)) fails with the message: The term T nat has type Type@{max(Set, Top.3+1)} while it is expected to have type Type@{Top.3} (universe inconsistency). How can I tweak the above inductive definition so that c1 (T nat) does not cause a universe inconsistency, and without setting universe polymorphism on? The following works, but I would prefer a solution without adding equality: Inductive T (A : Type) : Type := | c1 : A -> T A | c2' : A =

Suppose the following particular scenario. We have a definition of equality: Inductive eqwal {A : Type} (x : A) : A -> Prop := eqw_refl : eqwal x x. And peano nats: Inductive nawt : Prop := | zewro : nawt | sawc : nawt -> nawt. We define addition on nats: Fixpoint plaws (m n : nawt) : nawt := match m with | zewro => n | sawc m' => sawc (plaws m' n) end. And now we want to prove that zero is neutral from right wrt. summing: Theorem neutral_r : forall n : nawt, eqwal (plaws n zewro) n. Sadly the last line of the following proofscripts says " Error: n is used in conclusion. ". Proof. intros.

I understood destruct as it breaks an inductive definition into its constructors. I recently saw case_eq and I couldn't understand what it does differently? 1 subgoals n : nat k : nat m : M.t nat H : match M.find (elt:=nat) n m with | Some _ => true | None => false end = true ______________________________________(1/1) cc n (M.add k k m) = true In the above context, if I do destruct M.find n m it breaks H into true and false whereas case_eq (M.find n m) leaves H intact and adds separate proposition M.find (elt:=nat) n m = Some v , which I can rewrite to get same effect as destruct. Can someone