coq

问题 I'm trying to extract a witness from a coq proposition (or something like that...). I have something that goes like Parameter atom_fresh_for_list : forall (xs : list atom), {x : atom | ~ List.In x xs}. (Which is proven afterward, with an explicit type for atom : Lemma atom_fresh_for_list : forall (xs : list nat), { n : nat | ~ List.In n xs }. How do I extract such an x ? The Documentation says From such a (exist x p) we may in turn extract its witness x:A (using an elimination construct such

问题 This is probably super trivial, but I can't find any information about what the ':>' symbol means in Coq. What is the difference between: U : Type and W :> Type ? 回答1: It depends on where the symbol occurs. If it is inside a record declaration, for instance, it instructs Coq to add the corresponding record projection as a coercion. Concretely, suppose that we have the following definition of a type with an operation: Record foo := Foo { sort :> Type; op : sort -> sort -> sort }. We can now

问题 I was working is this simple exercise about writing certified function using subset types. The idea is to first write a predecessor function pred : forall (n : {n : nat | n > 0}), {m : nat | S m = n.1}. and then using this definition give a funtion pred2 : forall (n : {n : nat | n > 1}), {m : nat | S (S m) = n.1}. I have no problem with the first one. Here is my code Program Definition pred (n : {n : nat | n > 0}) : {m : nat | S m = n.1} := match n with | O => _ | S n' => n' end. Next

问题 I was working is this simple exercise about writing certified function using subset types. The idea is to first write a predecessor function pred : forall (n : {n : nat | n > 0}), {m : nat | S m = n.1}. and then using this definition give a funtion pred2 : forall (n : {n : nat | n > 1}), {m : nat | S (S m) = n.1}. I have no problem with the first one. Here is my code Program Definition pred (n : {n : nat | n > 0}) : {m : nat | S m = n.1} := match n with | O => _ | S n' => n' end. Next

问题 I want to change the goal from S x = S y to x = y . It's like inversion , but for the goal instead of a hypothesis. Such a tactic seems legit, because when we have x = y , we can simply use rewrite and reflexivity to prove the goal. Currently I always find myself using assert (x = y) to introduce a new subgoal, but it's tedious to write when x and y are complex expression. 回答1: The tactic apply f_equal. will do what you want, for any constructor or function. The lema f_equal shows that for

问题 I want to change the goal from S x = S y to x = y . It's like inversion , but for the goal instead of a hypothesis. Such a tactic seems legit, because when we have x = y , we can simply use rewrite and reflexivity to prove the goal. Currently I always find myself using assert (x = y) to introduce a new subgoal, but it's tedious to write when x and y are complex expression. 回答1: The tactic apply f_equal. will do what you want, for any constructor or function. The lema f_equal shows that for

问题 In Coq, sig is defined as Inductive sig (A:Type) (P:A -> Prop) : Type := exist : forall x:A, P x -> sig P. Which I read as "A sig P is a type, where P is a function taking an A and returning a Prop. The type is defined such that an element x of type A is of type sig P if P x holds." proj1_sig is defined as Definition proj1_sig (e:sig P) := match e with | exist _ a b => a end. I'm not sure what to make of that. Could somebody provide a more intuitive understanding? 回答1: Non-dependent pairs vs.

问题 Suppose that I have already proved some theorem in coq, and later I want to introduce it as a hypothesis in the proof of another theorem. Is there a succinct way to do this? The need for this typically arises for me when I want to do something like a proof by cases. And I've discovered that one way to do this is to assert the statement of the theorem, and then immediately prove it, but this seems kind of cumbersome. For example I tend to write things like: Require Import Arith.EqNat.

问题 I understood destruct as it breaks an inductive definition into its constructors. I recently saw case_eq and I couldn't understand what it does differently? 1 subgoals n : nat k : nat m : M.t nat H : match M.find (elt:=nat) n m with | Some _ => true | None => false end = true ______________________________________(1/1) cc n (M.add k k m) = true In the above context, if I do destruct M.find n m it breaks H into true and false whereas case_eq (M.find n m) leaves H intact and adds separate

问题 The simpl tactic unfolds expressions like 2 + a to "match trees" which doesn't seem simple at all. For example: Goal forall i:Z, ((fun x => x + i) 3 = i + 3). simpl. Leads to: forall i : Z, match i with | 0 => 3 | Z.pos y' => Z.pos match y' with | q~1 => match q with | q0~1 => (Pos.succ q0)~1 | q0~0 => (Pos.succ q0)~0 | 1 => 3 end~0 | q~0 => match q with | q0~1 => (Pos.succ q0)~0 | q0~0 => q0~1 | 1 => 2 end~1 | 1 => 4 end | Z.neg y' => Z.pos_sub 3 y' end = i + 3 How to avoid such