coq-club AT inria.fr
Subject: The Coq mailing list
List archive
- From: Jason -Zhong Sheng- Hu <fdhzs2010 AT hotmail.com>
- To: Klaus Ostermann <klaus.ostermann AT uni-tuebingen.de>, "coq-club AT inria.fr" <coq-club AT inria.fr>
- Subject: Re: [Coq-Club] Certified insertion
- Date: Sat, 8 Dec 2018 15:53:42 +0000
- Accept-language: en-CA, en-US
- Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=fdhzs2010 AT hotmail.com; spf=Pass smtp.mailfrom=fdhzs2010 AT hotmail.com; spf=Pass smtp.helo=postmaster AT NAM01-SN1-obe.outbound.protection.outlook.com
- Ironport-phdr: 9a23:bnRIrhLVt5Yr7/PS9tmcpTZWNBhigK39O0sv0rFitYgfLPnxwZ3uMQTl6Ol3ixeRBMOHs6IC07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffwZFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfFjfK3SYMkaSHJBUMhPSiJBHo2yYYgBD+UDIelXoJLwqEESoReiHwSgGP/jxiFOi3Tr3aM6yeMhEQTe0QIkBd0Oq3PUrNPoP6sLUu+1zK7IzTPMb/hLxDn96JbHchYuof2VQLl+c9fRwlQoGgPLk1qQqY3kPyiL2ugRrmSX8/FtVeKoi247rgF+uDmvxsM2hobVgYIVz0nJ+CNky4g7It24TVR0Yd+iEJZIqiGaL5V5QsUkQ21ypik116AGtJimdyYJ0JQq3xHSZ+Cdf4WM/B7vTvidLS12iX9qYL6/iQi9/Eu8xuD5U8S7zktFoyhHn9TJtn0A0wLc58mCR/Rg5Uis3TKC2gXX5+5fLk04iKzWIIM7zLEqjJocq0HDEzf2mEroiK+WcV0p9PC05urgfrnqu4aQOZJshA3jK6gundewDvoiPggJQmib5f+z1Lr+/U3/XbpGlOU2krPesJDGO8sUurK5Aw5S0oYl8Rq/CCqm0MgcnXkAK1JFewiLgJTuO1HLOPz4DPG/jEqwkDpzyP3KIqftD5HTInTZjrvtZ7hw5kFExAo2199f5pZUCr8bIPL0X0/8rNLYAQI5Mw212ObrFslx2p4CVW+UAq+ZN7/SsVqS6eIuJ+mAfpMauDH4K/Q9/f7hkWc5mUMBfamuxZYYdHe4Hu1/L0qFZXrsn8wOHHwRvgs+SezqkEeNXSRSZ3a0RaI85ys0BJioDYfZFciRh+mi2C6mBdVxfXxLEFWFF3GgI4aAUuoXLiWJPsJ7lzUCU5C8TY5kyQyjvg78xLdhaObZrGlQ/5nkzZ1+4/DZvRA07z19ScqHmSnZRGZt22gMWjUe3aZloEU7xE3VgoZihPkNN9VI4PUBFzU6MpjTh9d6Btb9H0rhY5/dRlqmUM78WWhpZtI239oHYkI7ENKn2EOQlxG2CqMYwuTYTKc/9bjRij2of54kmiT2kZI5hlxjefNhcGivh6px7Q/WXtWbk0KFkq+rceIX2yufrT7fn1rLh1lRVUtLaYuARWoWPxCErdPl40rDS/mlDrF1alIcm/7HEbNDb5jStXsDRPrnP4iBMUSYvj/pQC2un/aLZoesfHgB1iLADkRCixoU4XuNKQk5AGGmvn7aCzttU1noZhG1/A==
Hi Klaus,
In Appel's Software Foundations Vol. 3, there are two chapters proving insertion sort correct. Not sure if you've taken a look?
https://softwarefoundations.cis.upenn.edu/vfa-current/toc.html
|
Selection Sort, With Specification and Proof of Correctness ()Top; The Selection-Sort Program; Proof of Correctness of Selection sort; Recursive Functions That are Not Structurally Recursive
softwarefoundations.cis.upenn.edu
|
Regarding your original problem, this can be solved without invoking K, but it's kind of annoying to do all these work manually. To provide an initial refinement:
Require Import Coq.Arith.Compare_dec.
Fixpoint insert(n: nat)(l: { q: list nat | Sorted q})
: { q: list nat | sortedOf (cons n (proj1_sig l)) q}.
Proof.
refine (let (l', sorted_l') as l0
return { q: list nat | sortedOf (cons n (proj1_sig l0)) q} := l
in match l' as l0
return Sorted l0 ->
{ q: list nat | sortedOf (cons n l0) q} with
| nil => fun _ => exist _ [n] _
| cons x xs =>
fun sorted_l' =>
match le_lt_dec n x with
| left n_le_x => exist _ (n :: x :: xs) _
| right x_lt_n => _
end
end sorted_l').
To point out what's missing in your original solution:
- Since dependent sum types in Coq has no definitional eta expansion, the extended let binding up front is needed to unpack the list and the evidence. The later is required in the recursive case. You originally attempted to use extended match directly, so it didn't work.
- Extended match then can be used to split cases. But Sorted evidence needs to be carried in.
- In the cons case, then you can use decision procedure (from Arith.Compare_dec) to decide ordering.
So it's not quite convenient. It's much better off to do the same as what Appel did in Vol 3. Additionally, you might fall into trouble proving additional theorems on this function, because `destruct` will have some trouble handling case analysis with the presence
of dependent types. Another solution is to use Equations, which is much more friendly and more powerful in dependently typed settings. Equations also allows you to disable K, so if you are worried about your foundation, you are secured as well.
From: coq-club-request AT inria.fr <coq-club-request AT inria.fr> on behalf of Klaus Ostermann <klaus.ostermann AT uni-tuebingen.de>
Sent: December 8, 2018 9:22 AM
To: coq-club AT inria.fr
Subject: [Coq-Club] Certified insertion
Sent: December 8, 2018 9:22 AM
To: coq-club AT inria.fr
Subject: [Coq-Club] Certified insertion
I'm making a few experiments with using subset types for "certified
programming".
I'm stuck with a certified variants of the "insert" function as used in
insertion sort, that is,
it's type should say that the input list and output list are sorted and
that the output list
contains both the input list and the element to be inserted.
Could somebody tell me how to do this idiomatically in Coq, preferably
without using
"dependent destruction" and other tactics that require additional
axioms? I'm stuck on
how to make the case distinction on whether the element to be inserted
is less than or eqal
to the first element. Presumably this requires a fancy "return" annotation?
Inductive Sorted : list nat -> Prop :=
| Sorted_nil : Sorted []
| Sorted_cons1 a : Sorted [a]
| Sorted_consn a b l :
Sorted (b :: l) -> a <= b -> Sorted (a :: b :: l).
Definition sortedOf(l: list nat)(q: list nat) := Sorted q /\ forall m,
In m l <-> In m q.
Fixpoint insert(n: nat)(l: { q: list nat | Sorted q}) : { q: list nat |
sortedOf (cons n (proj1_sig l)) q}.
refine( match l return { q: list nat | sortedOf (cons n (proj1_sig l))
q} with
| exist [] st => _
| exist (cons x xs) st => _
end).
- refine (exist _ [n] _). split. constructor. intros. split; intros.
simpl in H ; destruct H ; subst; constructor; auto. inversion H.
constructor. inversion H ; subst; auto. inversion H0.
- (* stuck here; how to make the case distinction on whether n <= x ? )
Klaus
programming".
I'm stuck with a certified variants of the "insert" function as used in
insertion sort, that is,
it's type should say that the input list and output list are sorted and
that the output list
contains both the input list and the element to be inserted.
Could somebody tell me how to do this idiomatically in Coq, preferably
without using
"dependent destruction" and other tactics that require additional
axioms? I'm stuck on
how to make the case distinction on whether the element to be inserted
is less than or eqal
to the first element. Presumably this requires a fancy "return" annotation?
Inductive Sorted : list nat -> Prop :=
| Sorted_nil : Sorted []
| Sorted_cons1 a : Sorted [a]
| Sorted_consn a b l :
Sorted (b :: l) -> a <= b -> Sorted (a :: b :: l).
Definition sortedOf(l: list nat)(q: list nat) := Sorted q /\ forall m,
In m l <-> In m q.
Fixpoint insert(n: nat)(l: { q: list nat | Sorted q}) : { q: list nat |
sortedOf (cons n (proj1_sig l)) q}.
refine( match l return { q: list nat | sortedOf (cons n (proj1_sig l))
q} with
| exist [] st => _
| exist (cons x xs) st => _
end).
- refine (exist _ [n] _). split. constructor. intros. split; intros.
simpl in H ; destruct H ; subst; constructor; auto. inversion H.
constructor. inversion H ; subst; auto. inversion H0.
- (* stuck here; how to make the case distinction on whether n <= x ? )
Klaus
- [Coq-Club] Certified insertion, Klaus Ostermann, 12/08/2018
- Re: [Coq-Club] Certified insertion, Jason -Zhong Sheng- Hu, 12/08/2018
- Re: [Coq-Club] Certified insertion, Xuanrui Qi, 12/08/2018
- Re: [Coq-Club] Certified insertion, Adam Chlipala, 12/08/2018
- Re: [Coq-Club] Certified insertion, Klaus Ostermann, 12/08/2018
- Re: [Coq-Club] Certified insertion, Xuanrui Qi, 12/08/2018
- Re: [Coq-Club] Certified insertion, Jonathan Leivent, 12/09/2018
- Re: [Coq-Club] Certified insertion, Klaus Ostermann, 12/08/2018
- Re: [Coq-Club] Certified insertion, David Holland, 12/19/2018
- Re: [Coq-Club] Certified insertion, Jason -Zhong Sheng- Hu, 12/08/2018
Archive powered by MHonArc 2.6.18.