coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] Doubt about In

From: e+coq-club AT x80.org (Emilio Jesús Gallego Arias)
To: Saulo Araujo <saulo2 AT gmail.com>
Cc: coq-club AT inria.fr
Subject: Re: [Coq-Club] Doubt about In
Date: Wed, 24 Feb 2016 20:12:42 +0100
Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=e+coq-club AT x80.org; spf=Neutral smtp.mailfrom=e+coq-club AT x80.org; spf=None smtp.helo=postmaster AT boipeva.ensmp.fr
Ironport-phdr: 9a23:YhOMVRCoHnItSVxvamRiUyQJP3N1i/DPJgcQr6AfoPdwSP7yrsbcNUDSrc9gkEXOFd2CrakU1KyL4+u5ADNIyK3CmU5BWaQEbwUCh8QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYsExnyfTB4Ov7yUtaLyZ/niKbvq9aKOloArQH+SI0xBS3+lR/WuMgSjNkqAYcK4TyNnEF1ff9Lz3hjP1OZkkW0zM6x+Jl+73YY4Kp5pIZoGJ/3dKUgTLFeEC9ucyVsvJWq5i/4VQKKx2NUEj5OylsbSzTCuSrzQ5P2+gLgv/d/32HOJsTrSbducTun5qZvDhTvjXFUGSQ+9TTaycd3ledQpA+rjwwvm8jTeo7ddNd7f6fceps4SHHTRY5+XihFD4y7J6IVDuMafLUL57LhrkcD+ELtTTKnA/nin2UQ3nI=
Organization: X80 Heavy Industries

Hi Saulo,

Saulo Araujo
<saulo2 AT gmail.com>
writes:

> Thanks a lot for expanding your previous answer. As I´m studying dependent
> type programming in Coq in my spare time, it will take me some some days to
> try your suggestion.

I hope you have fun!

> In any case, my dependent type is a very simple one:
>
> *Inductive List E: nat -> Type :=*
> *| ListLeaf: E -> List E 0*
> *| ListNode n: E -> List E n -> List E (S n).*

That's indeed a reasonably simple type. In this case the injectivity
proof is very similar to the decidability proof.

> Below is my proof of the decidability of List Digit n:
>
> *Theorem list_digit_dec:*
> * forall n (cs ds: List Digit n), {cs = ds} + {cs <> ds}.*
> *Proof.*
> * intros.*

I attach a short and somewhat more generic proof using the idea we
discussed, the key point to make your life easier here is to generalize
a bit the theorem:

> Lemma to_list_inj_gen n m (x : List n) (y : List m) (i_eq : n = m) :
> to_list x = to_list y -> eq_dep nat List n x m y.

My proof is a bit cumbersome, likely due to my unfamiliarity with LTAC,
using other tactic languages is just a couple of lines.

A couple of comments:

- Note instead of defining your own type, you may be better served by
using a "subtype" of list, see [1] for more details, but the basic
idea is to have:

List T n = { val : list T ; _ : length val == n.+1 }

For all such structures, val is injective, thus equality on the base
type implies equality in the subtype.

- Regarding your questions about "In", if you are verifying an
algorithm, you will be almost surely better suited by assuming
decidability of you base types and using a version of In that is
computational, similar to the typical ocaml mem:

mem :: T -> list T -> bool
mem a [] = false
mem a (x::xs) = (a == x) || mem a xs

I don't know these two patterns are supported in the regular Coq Stdlib.

There are libraries that natively support such concepts, ask me in
private for more details if you are interested.

E.

[1]
http://stackoverflow.com/questions/35290012/inductive-subset-of-an-inductive-set-in-coq

Attachment: saulo.v
Description: Binary data

Re: [Coq-Club] Doubt about In, (continued)
- Re: [Coq-Club] Doubt about In, Arthur Azevedo de Amorim, 02/22/2016
- Re: [Coq-Club] Doubt about In, Saulo Araujo, 02/22/2016