Certified Programming with Dependent Types

Similar documents
Inductive prod (A B : Set) : Set := pair : A -> B -> prod A B. Inductive sum (A B : Set) : Set := inl : A -> sum A B inr : B -> sum A B.

Introduction to dependent types in Coq

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

Inductive data types

The Coq Proof Assistant A Tutorial

Expr_annotated.v. Expr_annotated.v. Printed by Zach Tatlock

Inductive Definitions, continued

CS 456 (Fall 2018) Scribe Notes: 2

Infinite Objects and Proofs 1

CIS 500: Software Foundations

Calculus of Inductive Constructions

The Coq Proof Assistant A Tutorial

Induction in Coq. Nate Foster Spring 2018

Mathematics for Computer Scientists 2 (G52MC2)

CIS 500 Software Foundations. Midterm I. (Standard and advanced versions together) October 1, 2013 Answer key

The Coq Proof Assistant A Tutorial

CIS 500: Software Foundations

LASER 2011 Summerschool Elba Island, Italy Basics of COQ

Introduction to the Coq proof assistant First part

Programming with (co-)inductive types in Coq

Introduction to Co-Induction in Coq

Coq in a Hurry. Yves Bertot. To cite this version: HAL Id: inria v6

A Coq tutorial for confirmed Proof system users

CIS 500: Software Foundations

Coq in a Hurry. Yves Bertot

MoreIntro_annotated.v. MoreIntro_annotated.v. Printed by Zach Tatlock. Oct 04, 16 21:55 Page 1/10

Mathematics for Computer Scientists 2 (G52MC2)

Types Summer School Gothenburg Sweden August Dogma oftype Theory. Everything has a type

MoreIntro.v. MoreIntro.v. Printed by Zach Tatlock. Oct 07, 16 18:11 Page 1/10. Oct 07, 16 18:11 Page 2/10. Monday October 10, 2016 lec02/moreintro.

A Tutorial on [Co-]Inductive Types in Coq

Analysis of dependent types in Coq through the deletion of the largest node of a binary search tree

L04_in_class.v. L04_in_class.v. Printed by Zach Tatlock

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

MLW. Henk Barendregt and Freek Wiedijk assisted by Andrew Polonsky. March 26, Radboud University Nijmegen

An Ssreflect Tutorial

Coq in a Hurry. Yves Bertot. October 2008

Coq Summer School, Session 9 : Dependent programs with logical parts. Pierre Letouzey

4 Programming with Types

Lee Pike. June 3, 2005

Improving Coq Propositional Reasoning Using a Lazy CNF Conversion

Proofs are Programs. Prof. Clarkson Fall Today s music: Proof by Paul Simon

Advanced Features: Type Classes and Relations

Now that we have keys defined for the maps, we can start talking about maps. The first of these are Total Maps. Total Maps are defined as follows:

10 Years of Partiality and General Recursion in Type Theory

Coq in a Hurry. Yves Bertot. HAL Id: inria v5

Numerical Computations and Formal Methods

Logical Verification Course Notes. Femke van Raamsdonk Vrije Universiteit Amsterdam

Programming with dependent types: passing fad or useful tool?

Constructing the Propositional Truncation using Non-recursive HITs

L06_exercise.v. L06_exercise.v

Intrinsically Typed Reflection of a Gallina Subset Supporting Dependent Types for Non-structural Recursion of Coq

CIS 194: Homework 8. Due Wednesday, 8 April. Propositional Logic. Implication

Heq: a Coq library for Heterogeneous Equality

Introduction to Coq Proof Assistant

Programming with Dependent Types Interactive programs and Coalgebras

CS3110 Spring 2017 Lecture 9 Inductive proofs of specifications

Verification in Coq. Prof. Clarkson Fall Today s music: Check Yo Self by Ice Cube

Coq with Classes. Matthieu Sozeau. Journées PPS 2011 September 5th 2011 Trouville, France. Project Team πr 2 INRIA Paris

Coding Trees in the Deflate format

Type-directed Syntax Transformations for ATS-style Programs with Proofs

Programming in Omega Part 1. Tim Sheard Portland State University

An Introduction to Programming and Proving in Agda (incomplete draft)

Automated Reasoning. Natural Deduction in First-Order Logic

An experiment with variable binding, denotational semantics, and logical relations in Coq. Adam Chlipala University of California, Berkeley

Equations: a tool for dependent pattern-matching

Functional Programming in Coq. Nate Foster Spring 2018

Recent Work in Homotopy Type Theory

Programming with Universes, Generically

type classes & locales

Preuves Interactives et Applications

First-Class Type Classes

Finite Set Theory. based on Fully Ordered Lists. Jared Davis UT Austin. ACL2 Workshop 2004

The pitfalls of protocol design

On Agda JAIST/AIST WS CVS/AIST Yoshiki Kinoshita, Yoriyuki Yamagata. Agenda

3 Pairs and Lists. 3.1 Formal vs. Informal Proofs

Synthesis of distributed mobile programs using monadic types in Coq

Modular dependent induction in Coq, Mendler-style. Paolo Torrini

A Certified Implementation of a Distributed Security Logic

Pattern Matching and Abstract Data Types

Coq projects for type theory 2018

Formalization of Array Combinators and their Fusion Rules in Coq

Inductive data types (I)

Lean 2 Quick Reference

a brief introduction to (dependent) type theory

A Reflection-based Proof Tactic for Lattices in COQ

Theorem Proving Principles, Techniques, Applications Recursion

Implementing Constructive Logics with OCaml

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

Functional Programming with Isabelle/HOL

Name: Entry: Gp: 1. CSL 102: Introduction to Computer Science. Minor 2 Mon 21 Mar 2005 VI 301(Gps 1-6)& VI 401(Gps 7-8) 9:30-10:30 Max Marks 40

Adam Chlipala University of California, Berkeley ICFP 2006

CMPSCI 250: Introduction to Computation. Lecture #22: Graphs, Paths, and Trees David Mix Barrington 12 March 2014

Structures in Coq January 27th 2014

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

Coq, a formal proof development environment combining logic and programming. Hugo Herbelin

Programs and Proofs in Isabelle/HOL

Strategies for Proofs

LOGIC AND DISCRETE MATHEMATICS

Integration of SMT Solvers with ITPs There and Back Again

Transcription:

1/30 Certified Programming with Dependent Types Inductive Predicates Niels van der Weide March 7, 2017

2/30 Last Time We discussed inductive types Print nat. (* Inductive nat : Set := O : nat S : nat nat*) Recursion principle Check nat_rect. (* nat_rect : forall P : nat Type, P O (forall n : nat, P n P (S n)) forall n : nat, P n*)

3/30 Last Time We discussed inductive types Print nat. (* Inductive nat : Set := O : nat S : nat nat*) Induction principle Check nat_ind. (* nat_ind : forall P : nat Prop, P O (forall n : nat, P n P (S n)) forall n : nat, P n*)

4/30 Last Time We discussed inductive types Print nat. (* Inductive nat : Set := O : nat S : nat nat*) Recursion principle Check nat_rec. (* nat_rec : forall P : nat Set, P O (forall n : nat, P n P (S n)) forall n : nat, P n*)

5/30 This raises several questions: Induction is for proving, recursion for programming. What s the difference between Prop and Set? Can we do logic in the language? Can we define more complicated propositions on types?

6/30 Prop vs Set Let s look at some examples. Inductive True : Prop := I : True. True is defined True rect is defined True ind is defined True rec is defined Inductive unit : Set := tt : unit. unit is defined unit rect is defined unit ind is defined unit rec is defined

7/30 Prop vs Set We can prove that these two are isomorphic Definition f := fun (_ : unit) I. Definition g := fun (_ : True) tt. Theorem eq1 : forall x : unit, x = g (f x). Proof. intro x. induction x. (* compute. *) reflexivity. Qed. Theorem eq2 : forall x : True, x = f (g x). Proof. intro x. destruct x. (* compute. *) reflexivity. Qed.

8/30 Prop vs Set But for the following example they are different! Inductive boolp : Prop := truep : boolp falsep : boolp. boolp is defined boolp ind is defined Inductive bool : Set := true : bool false : bool. bool is defined bool rect is defined bool ind is defined bool rec is defined

9/30 Prop vs Set This means the following is not allowed Definition h (x : boolp) : bool := match x with truep true falsep false end. Definition h : boolp bool. Proof. intro x. induction x. Error: Cannot find the elimination combinator boolp rec, the elimination of the inductive definition boolp on sort Set is probably not allowed.

10/30 Prop vs Set Inhabitants of the type Prop are propositions. These are proof-irrelevant: all inhabitants are equal.

10/30 Prop vs Set Inhabitants of the type Prop are propositions. These are proof-irrelevant: all inhabitants are equal. Inhabitants of the type Set are sets. These are proof-relevant: inhabitants might be equal, but do not have to.

10/30 Prop vs Set Inhabitants of the type Prop are propositions. These are proof-irrelevant: all inhabitants are equal. Inhabitants of the type Set are sets. These are proof-relevant: inhabitants might be equal, but do not have to. Also, Prop is ignored during code extraction.

11/30 Logic in Type Theory (or Coq) If inhabitants of Prop pretend to be propositions, can we treat them as such?

11/30 Logic in Type Theory (or Coq) If inhabitants of Prop pretend to be propositions, can we treat them as such? Yes, we can! Inductive types come to the rescue.

12/30 Logic in Type Theory (or Coq) Conjunctions. Inductive and (A : Prop) (B: Prop) : Prop := conj : A B and A B. and is defined and rect is defined and ind is defined and rec is defined Inductive prod (A : Set) (B : Set) : Set := pair : A B prod A B. prod is defined prod rect is defined prod ind is defined prod rec is defined

13/30 Logic in Type Theory (or Coq) Disjunctions. Inductive or (A : Prop) (B: Prop) : Prop := orl : A or A B orr : B or A B. or is defined or ind is defined Inductive sum (A : Set) (B: Set) : Set := inl : A sum A B inr : B sum A B. sum is defined sum rect is defined sum ind is defined sum rec is defined

14/30 Proposition Logic in Coq Coq got all these types natively. A nice table can be found on http://andrej.com/coq/cheatsheet.pdf

15/30 Proposition Logic in Coq Short demonstration of these tactics Theorem and_com : forall P Q : Prop, P Q Q P. Proof. intros. destruct H. split ; assumption. Qed. We can also prove it by programming. Definition and_com (P Q : Prop) (x : and P Q) : and Q P := match x with conj p q conj Q P q p end.

16/30 Proposition Logic in Coq But it is much better! Theorem complicatedprop : forall P Q : Prop, (P Q) ( Q P). Proof. tauto. (* also possible: intuition. *) Qed. Note this also works for types: Theorem complicatedtype : forall P Q : Type, (P Q) False ((( Q False) + (P False)) False) False. Proof. tauto. (* also possible: intuition *) Qed.

17/30 Proposition Logic in Coq The logic is constructive. Theorem unprovable : forall P : Prop, P P. Proof. intuition. (* Hypothesis: P : Prop Remaining goal: P (P False) *)

18/30 First-order Logic in Coq Existential quantifier: Inductive ex (A : Type) (P : A Prop) : Prop := ex_intro : forall (x : A), P x ex P Inductive sig (A : Type) (P : A Type) : Type := sig_intro : forall (x : A), P x sig P

19/30 First-order Logic in Coq Example with : Definition smaller : { n : nat & 0 <= n }. Proof. exists 3. auto. Defined. Theorem muchsmaller : exists n : nat, 0 <= n. Proof. exists 37. auto. (* does not automatically solve 0 <= 37. Searches to some fixed depth *) auto 38. (* this solves the goal. We do le_s 37 times and le_n 1 time. So, we need depth 38 *) Qed.

20/30 Short intermezzo: Defined vs Qed Qed makes an opaque definition (no unfolding). Eval compute in muchsmaller. (* = muchsmaller : exists n : nat, 0 <= n *) Defined makes a transparent definition (with unfolding). Eval compute in smaller. (* = existt (fun n : nat 0 <= n) 3 (le_s 0 2 (le_s 0 1 (le_s 0 0 (le_n 0) ) ) ) : {n : nat & 0 <= n} *)

Now we can finally do the real work: make recursive predicates. How to do this? The constructors tell how to prove the predicate. 21/30

22/30 Getting started: equality How can we prove x = y? We can use reflexivity. Print eq. (* Inductive eq (A : Type) (x : A) : A Prop := eq_refl : x = x *)

23/30 Another Simple Predicate We can define n < 2 as follows. Inductive lessthantwo : nat Prop := zero : lessthantwo 0 one : lessthantwo 1. Then we can easily prove: Theorem zeroorone : forall n : nat, lessthantwo n n = 0 n = 1. Proof. intro n. split. induction 1 ; auto. intro H. destruct H ; rewrite H ; constructor. Qed.

24/30 Another Simple Predicate We can define n < 2 as follows. Inductive lessthantwo : nat Prop := zero : lessthantwo 0 one : lessthantwo 1. Then we can easily prove: Theorem twonotlessthantwo : lessthantwo 2 False. Proof. intro H. inversion H. Qed.

25/30 A More Complicated Predicate: Even Numbers We define a predicate for the even numbers. Inductive even : nat Prop := evenz : even 0 evenss : forall n : nat, even n even (S (S n)). Hint Constructors even. We need to give a hint, so that the auto tactic also considers the constructors of even.

26/30 A More Complicated Predicate: Even Numbers Adding two even numbers: an automated proof. Theorem evenadd : forall (n m : nat), even n even m even (n + m). Proof. induction 1 ; induction 1 ; simpl ; auto. Qed. (In the book he is screwing around with inversion)

27/30 A More Complicated Predicate: Even Numbers Without automation. Theorem evenadd : forall (n m : nat), even n even m even (n + m). Proof. induction 1 ; induction 1 ; simpl ; constructor ; apply IHeven ; constructor ; apply H0. Qed.

28/30 A More Complicated Predicate: Even Numbers Theorem oddsuccessor : forall (n : nat), even n even (S n) False. Proof. intro n. induction 1 ; intro H0. inversion H0. apply IHeven. inversion H0. apply H2. Qed.

29/30 A More Complicated Predicate: Even Numbers Theorem eventwice : forall (n : nat), even (n + n). Proof. induction n ; simpl. auto. rewrite plus_n_sm. constructor. apply IHn. Qed.

30/30 A More Complicated Predicate: Even Numbers Theorem evencontra : forall (n : nat), even (S (n + n)) False. Proof. intro n. apply oddsuccessor. apply eventwice. Qed.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback