theorem-proving

问题 I am trying to use the export_code tool for the following definition: definition set_to_list :: "('a×'a) set ⇒ ('a×'a) list" where "set_to_list A = (SOME L. set L = A)" This is not working due to missing code equations for Eps. Now I discovered that there is also a definition: definition sorted_list_of_set :: "'a set ⇒ 'a list" where "sorted_list_of_set = folding.F insort []" However, I am not capable of asserting that ('a ×'a) is a linear order (which would be fine for me, e.g. first

问题 I'd like to formalize formal languages and their semantics in MMT and define a general notion of semantics equivalence of two semantics wrt. one syntax. Precisely, encoding the latter turns out to be an identification/glueing that I have no idea on how to do in MMT. Let me elaborate on my concrete formalization setup next. Below is a simplified formalization showing my approach. Based on a theory Meta aggregating both the logical framework LF and some logic, I start in Syntax defining a

问题 I'm trying to compile an Agda file, but I'm having trouble getting it to find the standard library. I've seen the documentation here. I've used Stack to install it: > which agda /home/joey/.local/bin/agda And I've set the environment variable for my Agda directory: > echo $AGDA_DIR /home/joey/.agda Which is populated with the correct files: /home/joey/agda/agda-stdlib/standard-library.agda-lib > cat "$AGDA_DIR"/libraries /home/joey/agda/agda-stdlib/standard-library.agda-lib > cat "$AGDA_DIR"

问题 I'm going through chapter 5 of concrete semantics. I got some error while working through this toy example proof: lemma shows "¬ ev (Suc 0)" I know this is more than needed (since by cases ) magically solves everything & gives a finished proof, but I wanted to make explicit the cases. I tried this: lemma shows "¬ ev (Suc 0)" proof (rule notI) assume "ev (Suc 0)" then show False proof (cases) case ev0 then show ?case by blast next case evSS then show ?case sorry qed but if I put my mouse on

问题 I was trying to go through the Isar chapter for Isabelle (theorem Prover) and the first statement has: lemma "¬ surj(f :: 'a ⇒ 'a set)" I wanted to understand what the constant surj was. I know that it's easy to look up theorems with: thm notI which displays: (?P ⟹ False) ⟹ ¬ ?P I tried googling surj but nothing useful came up. I went to the documentation (https://isabelle.in.tum.de/documentation.html) but I couldn't find an easy way to search through it (e.g. with a search bar). How do

问题 Is there a way to admit asserts in Coq ? Suppose I have a theorem like this: Theorem test : forall m n : nat, m * n = n * m. Proof. intros n m. assert (H1: m + m * n = m * S n). { Admitted. } Abort. The above assert doesn't seem to work for me. The error I receive is: Error: No focused proof (No proof-editing in progress). What I want is something like undefined in Haskell. Baiscally, I will come back to this later and prove it. Is there something like that in Coq to achieve it ? 回答1: In

问题 Suppose I have a tactic like this (taken from HaysTac), that searches for an argument to specialize a particular hypothesis with: Ltac find_specialize_in H := multimatch goal with | [ v : _ |- _ ] => specialize (H v) end. However, I'd like to write a tactic that searches for n arguments to specialize a tactic with. The key is that it needs to backtrack. For example, if I have the following hypotheses: y : T H : forall (x : T), x = y -> P x x1 : T x2 : T Heq : x1 = y If I write do 2 (find

问题 I'm trying to prove that a transitive relation on elements of lists is equivalent to a transitive relation on lists (under some conditions). Here is a first lemma: lemma list_all2_rtrancl1: "(list_all2 P)⇧*⇧* xs ys ⟹ list_all2 P⇧*⇧* xs ys" apply (induct rule: rtranclp_induct) apply (simp add: list.rel_refl) by (smt list_all2_trans rtranclp.rtrancl_into_rtrancl) And here is a symmetric lemma: lemma list_all2_rtrancl2: "(⋀x. P x x) ⟹ list_all2 P⇧*⇧* xs ys ⟹ (list_all2 P)⇧*⇧* xs ys" apply (erule

问题 I am trying to prove the theorem [] |- p /\ q <=> q /\ p :thm using SML with HOL Inference Rules. Here's the SML code: val thm1 = ASSUME ``p:bool /\ q:bool``; val thm2 = ASSUME ``p:bool``; val thm3 = ASSUME ``q:bool``; val thm4 = CONJ thm2 thm3; val thm5 = CONJ thm3 thm2; val thm6 = DISCH ``(q:bool/\p:bool)`` thm4; val thm7 = DISCH ``(p:bool/\q:bool)`` thm5; val thm8 = IMP_ANTISYM_RULE thm6 thm7; The result of the above code produces : val thm8 = [(p :bool), (q :bool)] |- (q :bool) /\ (p

问题 I started to learn Isabelle, the theorem prover, about 2-3 weeks ago. I am still an absolute beginner and I worked with the tutorial "Programming and Proving in Isabelle/HOL" so far. The only help on matrices I found so far was to look at the source code in the HOL library. Now I want to learn how to prove properties about matrices. The lambda syntax for matrices is still new to me. Are there any tutorials or basic/intermediate examples on using matrices in Isabelle? 回答1: Here is a more