Skip to Content.
Sympa Menu

coq-club - Re: [Coq-Club] Proof in functional style

coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] Proof in functional style


Chronological Thread 
  • From: mukesh tiwari <mukeshtiwari.iiitm AT gmail.com>
  • To: coq-club AT inria.fr
  • Subject: Re: [Coq-Club] Proof in functional style
  • Date: Fri, 30 Nov 2018 15:42:46 +1100
  • Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=mukeshtiwari.iiitm AT gmail.com; spf=Pass smtp.mailfrom=mukeshtiwari.iiitm AT gmail.com; spf=None smtp.helo=postmaster AT mail-wm1-f52.google.com
  • Ironport-phdr: 9a23:2KeehBD5APmwCYmESkC9UyQJP3N1i/DPJgcQr6AfoPdwSPv8o8bcNUDSrc9gkEXOFd2Cra4c26yO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fcbglUhzexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Xymp4aV2Rx/ykCoIODA5/2PXhMJ+j6xVvQyvqABkzoHOfI2YLuBzcr/Bcd4YQ2dKQ8ZfVzZGAoO5d4YPCvcBPeVGoInmp1sFsAe+BQiiBez10D9Ih2L90Ko/0+Q8EgHJwhcgH9ISsHTVotT6Lr0SUeGvwKnJzDXDbu9W2TLm5YjHdxAuu/CMXbZqfcXNzkkvEhrIg1ONooLrODOV0/4Cs2md7+d4WuKvinInqwFsoje03Msjlo7JhocTx1vZ9it52J44KcOkREN/e9KpE5tduzuHO4doQc4uWWFltDg8x7Ybo5C0ZjIKx44ixxPHa/yIbYyI4hX7WeaUOzh4hXZldKuxhha37ESs0+P8W8mq3FpQoSpFld7Mtn8J1xPN8MSIVvx9/kK51TaO0QDc9P1ELFgqmabHL5Mt2L09m5oJvUjeACP7m1/6ga+Iekk8/+in8eXnYrHopp+GMI90jxnzMqEzmsy8H+s4KQgOX3Sa+eWyzrLj50z5TK9Ljv03k6nZrJXaKN8Upq68GQBV04Ij5wyjADeh1dQUhWMHI05deBKbk4jpPEnDL+z/DfemmlijjDNrx+3dMbD6GZXMLn3DkK/7crpn6k5czhAzzdFF6J5OBLEBOqG7Zkikv9vBSxQ9LgacwuD9Cdw72JlNd3iIB/qcLaDfql/A+uMwKvONLNsQpTXwMPg55uHnl35/mF4cYayB0p4eaXT+FfNjdRbKKUHwi8sMRD9Z9jE1S/bn3QXbAGxjIk2qVqd53QkVTYevDIPNXIeo2eXT0yKyH5kQbWdDWAnVTSXYMr6cUvJJUxq8Z9d7m2VdB7ekQo4lkxqpsV2ikuc1Hq/v4iQd8Knb+p116unUz0xg8DV1C4GC1jjIQTwu2GwPQDAy0eZ0pkkvklo=
The reason, I am trying to write proof in functional style, is to achieve the precisely the same effect which I am getting from functional induction scheme (three cases explicitly).

      Require Import FunInd.
      Fixpoint intersperse (A : Type) (c : A) (l : list A) : list A :=
        match l with
        | [] => []
        | [h] => [h]
        | h :: t => h :: c :: intersperse _ c t
        end.
    
     
      Functional Scheme intersperse_ind := Induction for intersperse Sort Prop.
     
      Compute (intersperse _ 0 []).
      Compute (intersperse _ 0 [1]).
      Compute (intersperse _ 0 [1; 2; 3]).
     
      Lemma map_intersperse : forall (A B : Type) (f : A -> B) (c : A) (l : list A),
          map f (intersperse _ c l) = intersperse _ (f c) (map f l).
      Proof.
        intros A B f c l.
        functional induction (intersperse A c l).
        + cbn. exact eq_refl.
        + cbn. exact eq_refl.
        + cbn in *. repeat f_equal. assumption.
      Qed.

Best regards,
Mukesh Tiwari

On Fri, Nov 30, 2018 at 3:24 PM mukesh tiwari <mukeshtiwari.iiitm AT gmail.com> wrote:
Hi Everyone, I have written a function (basically Haskell intersperse function)

  Fixpoint intersperse (A : Type) (c : A) (l : list A) : list A :=
        match l with
        | [] => []
        | [h] => [h]
        | h :: t => h :: c :: intersperse _ c t
        end.

     
      Compute (intersperse _ 0 []).
      Compute (intersperse _ 0 [1]).
      Compute (intersperse _ 0 [1; 2; 3]).

and proof about it's correctness      

      Lemma map_intersperse : forall (A B : Type) (f : A -> B) (c : A) (l : list A),
          map f (intersperse _ c l) = intersperse _ (f c) (map f l).
      Proof.
        intros A B f c.
        induction l.
        + cbn; auto.
        + destruct l.
          ++ cbn; auto.
          ++ cbn in *. repeat f_equal.
               (* At this point, the induction hypothesis is [1], and assumption is able to discharge
                   the proof *)
                assumption.
      Qed.

Now I rewrote the same proof in function style using refine tactic.

Lemma map_intersperse_not_working :  forall (A B : Type) (f : A -> B) (c : A) (l : list A),
          map f (intersperse _ c l) = intersperse _ (f c) (map f l).
        refine (fun A B f c =>
                  fix F l :=
                  match  l as l'
                         return  l = l' ->
                                 map f (intersperse A c l') =
                                 intersperse B (f c) (map f l') with
                                     
                  | [] => fun H => eq_refl
                  | [h] => fun H => eq_refl
                  | h1 :: h2 :: t => fun H => _      
                  end eq_refl).
        pose proof (F (h2 :: t)).
        cbn in *. repeat f_equal. Guarded.
        (* At this point assumption H0 is same as goal [2] so apply H0 should discharge the goal*)
        apply H0. Guarded. 
       (* I am getting Recursive definition of F is ill-formed. *)

Could some one point me why it's saying F is ill-formed ? I am calling it smaller argument (At least that is my understanding). 

I got working solution with help of Li-yao [3], but I am wondering why destruct t is making a difference in this solution which I am doing explicitly in previous one (matching on one element list [h])

  Lemma map_intersperse_not_working :  forall (A B : Type) (f : A -> B) (c : A) (l : list A),
          map f (intersperse _ c l) = intersperse _ (f c) (map f l).
        refine (fun A B f c =>
                  fix F l :=
                  match  l as l'
                         return  l = l' ->
                                 map f (intersperse A c l') =
                                 intersperse B (f c) (map f l') with
                                      
                  | [] => fun H => eq_refl
                  | h :: t => fun H => _     
                  end eq_refl).
        pose proof (F t).
        destruct t.
        + cbn. exact eq_refl.
        + cbn in *. repeat f_equal. apply H0. Guarded.
      Qed.

Best regards,
Mukesh Tiwari


Archive powered by MHonArc 2.6.18.

Top of Page