coq-club AT inria.fr
Subject: The Coq mailing list
List archive
- From: Pierre Casteran <pierre.casteran AT labri.fr>
- To: coq-club AT inria.fr
- Subject: Re: [Coq-Club] Help with a proof
- Date: Thu, 16 Jun 2016 08:41:05 +0200
- Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=pierre.casteran AT labri.fr; spf=Pass smtp.mailfrom=pierre.casteran AT labri.fr; spf=Pass smtp.helo=postmaster AT iona.labri.fr
- Ironport-phdr: 9a23:rcEF8xcAZ4MlMccTwEWUjbsIlGMj4u6mDksu8pMizoh2WeGdxc6+YR7h7PlgxGXEQZ/co6odzbGG4uawBidZuMrJmUtBWaIPfidNsd8RkQ0kDZzNImzAB9muURYHGt9fXkRu5XCxPBsdMs//Y1rPvi/6tmZKSV3BPAZ4bt74BpTVx5zukbviqtuDPE4R3Wb1SIgxBSv1hD2ZjtMRj4pmJ/R54TryiVwMRd5rw3h1L0mYhRf265T41pdi9yNNp6BprJYYAu2pN5g/GLdfFXEtN30/zMztrxjKCwWVtVUGVWBDqhtFGRLIpDrzRYv8qCL8/r5l2SSAJ8CwRrkvRTm45qFDTBbikiZBOSRvozKfsdB5kK8O+EHpnBd42YOBOIw=
- Organization: LaBRI - Université Bordeaux 1 - France
Hi,
I think this problem was already discussed in coq-club :
Please look at
http://coq-club.inria.narkive.com/c2SDnwrl/executability-and-fixpoint-equation-of-a-program-fixpoint-definition
By the way, The Recdef library provides tools for proving your ko theorem.
I'm not sure, but I think that a definition by Function works only with
one decreasing argument, so I defined an auxiliary function.
Function compose' (p : Foo * Foo)
{measure (fun p => foo_size (fst p) + foo_size (snd p))}
: Foo :=
match p with
| (CInt 0, _) => snd p
| (CInt (S n1), CInt n2) => CInt (S n1 + n2)
| (CInt (S n1), CFoo s3) => compose' (CInt n1, s3)
| (CFoo s, _) => CFoo (compose' (s, snd p))
end
.
intros;simpl;auto with arith.
auto with arith.
Defined.
Definition compose s1 s2 := compose' (s1,s2).
Then, using the automatically generated induction principle compose'_ind, you get a rewriting lemma.
Lemma compose'_rw :
forall p : Foo * Foo,
compose' p =
match p with
| (CInt 0, _) => snd p
| (CInt (S n1), CInt n2) => CInt (S n1 + n2)
| (CInt (S n1), CFoo s3) => compose' (CInt n1, s3)
| (CFoo s, _) => CFoo (compose' (s, snd p))
end.
Then, your theorem becomes trivial to prove.
Theorem ko : forall n1 s1,
compose (CInt (S n1)) (CFoo s1) = compose (CInt n1) s1.
Proof.
unfold compose; intros; now rewrite compose'_rw.
Qed.
Pierre
Le 16/06/2016 07:02, Vincent Archambault-Bouffard a écrit :
Require Import Coq.Program.Wf.
Require Import Omega.
Inductive Foo : Set :=
| CFoo : Foo -> Foo
| CInt : nat -> Foo
.
(* This will serve as the measure to convince coq that compose
terminates. *)
Fixpoint foo_size (s : Foo) : nat :=
match s with
| CFoo s' => 1 + foo_size s'
| CInt _ => 1
end.
Program Fixpoint compose (s1 s2 : Foo)
{measure (foo_size s1 + foo_size s2)} : Foo :=
match s1, s2 with
| CInt 0, _ => s2
| CInt (S n1), CInt n2 => CInt (S n1 + n2)
| CInt (S n1), CFoo s3 => compose (CInt n1) s3
| CFoo s, _ => CFoo (compose s s2)
end
.
Theorem ko : forall n1 s1,
compose (CInt (S n1)) (CFoo s1) = compose (CInt n1) s1.
Proof.
- [Coq-Club] Help with a proof, Vincent Archambault-Bouffard, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Casteran, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Courtieu, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Casteran, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Courtieu, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Casteran, 06/16/2016
- Re: [Coq-Club] Help with a proof, Vincent Archambault-Bouffard, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Courtieu, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Casteran, 06/16/2016
Archive powered by MHonArc 2.6.18.