coq-club AT inria.fr
Subject: The Coq mailing list
List archive
- From: Vincent Archambault-Bouffard <archambault.v AT gmail.com>
- To: coq-club AT inria.fr
- Subject: Re: [Coq-Club] Help with a proof
- Date: Thu, 16 Jun 2016 09:56:00 -0400
- Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=archambault.v AT gmail.com; spf=Pass smtp.mailfrom=archambault.v AT gmail.com; spf=None smtp.helo=postmaster AT mail-io0-f181.google.com
- Ironport-phdr: 9a23:3OIHRBCgvbQ4UxqVapnTUyQJP3N1i/DPJgcQr6AfoPdwSP7+osbcNUDSrc9gkEXOFd2CrakU2qyG4+u9CCQp2tWojjMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpQAbFhi3DwdpPOO9QteU1JTmkbDisMCCKyxzxxODIppKZC2sqgvQssREyaBDEY0WjiXzn31TZu5NznlpL1/A1zz158O34YIxu38I46FppIZ8VvDxeL19RrhFBhwnNXo07Yvlr0rtVwyKs0UdVG4blAYAKhLO7Bj/VJ7stje/nO1g1ieTJ8G+GbkuUjSr6q1iVRv0zjkvODsw8WWRgct12vEI6Cm9rgByltaHKLqeM+BzK/vQ
Thank you !
It’s clever to package all arguments in a tuple and use Function instead of Program.
Vincent
On Jun 16, 2016, at 2:41 AM, Pierre Casteran <pierre.casteran AT labri.fr> wrote:Hi,
I think this problem was already discussed in coq-club :
Please look at
http://coq-club.inria.narkive.com/c2SDnwrl/executability-and-fixpoint-equation-of-a-program-fixpoint-definition
By the way, The Recdef library provides tools for proving your ko theorem.
I'm not sure, but I think that a definition by Function works only with
one decreasing argument, so I defined an auxiliary function.
Function compose' (p : Foo * Foo)
{measure (fun p => foo_size (fst p) + foo_size (snd p))}
: Foo :=
match p with
| (CInt 0, _) => snd p
| (CInt (S n1), CInt n2) => CInt (S n1 + n2)
| (CInt (S n1), CFoo s3) => compose' (CInt n1, s3)
| (CFoo s, _) => CFoo (compose' (s, snd p))
end
.
intros;simpl;auto with arith.
auto with arith.
Defined.
Definition compose s1 s2 := compose' (s1,s2).
Then, using the automatically generated induction principle compose'_ind, you get a rewriting lemma.
Lemma compose'_rw :
forall p : Foo * Foo,
compose' p =
match p with
| (CInt 0, _) => snd p
| (CInt (S n1), CInt n2) => CInt (S n1 + n2)
| (CInt (S n1), CFoo s3) => compose' (CInt n1, s3)
| (CFoo s, _) => CFoo (compose' (s, snd p))
end.
Then, your theorem becomes trivial to prove.
Theorem ko : forall n1 s1,
compose (CInt (S n1)) (CFoo s1) = compose (CInt n1) s1.
Proof.
unfold compose; intros; now rewrite compose'_rw.
Qed.
Pierre
Le 16/06/2016 07:02, Vincent Archambault-Bouffard a écrit :Require Import Coq.Program.Wf.
Require Import Omega.
Inductive Foo : Set :=
| CFoo : Foo -> Foo
| CInt : nat -> Foo
.
(* This will serve as the measure to convince coq that compose
terminates. *)
Fixpoint foo_size (s : Foo) : nat :=
match s with
| CFoo s' => 1 + foo_size s'
| CInt _ => 1
end.
Program Fixpoint compose (s1 s2 : Foo)
{measure (foo_size s1 + foo_size s2)} : Foo :=
match s1, s2 with
| CInt 0, _ => s2
| CInt (S n1), CInt n2 => CInt (S n1 + n2)
| CInt (S n1), CFoo s3 => compose (CInt n1) s3
| CFoo s, _ => CFoo (compose s s2)
end
.
Theorem ko : forall n1 s1,
compose (CInt (S n1)) (CFoo s1) = compose (CInt n1) s1.
Proof.
- [Coq-Club] Help with a proof, Vincent Archambault-Bouffard, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Casteran, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Courtieu, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Casteran, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Courtieu, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Casteran, 06/16/2016
- Re: [Coq-Club] Help with a proof, Vincent Archambault-Bouffard, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Courtieu, 06/16/2016
- Re: [Coq-Club] Help with a proof, Pierre Casteran, 06/16/2016
Archive powered by MHonArc 2.6.18.