Induction in Coq. Nate Foster Spring 2018

Similar documents
Verification in Coq. Prof. Clarkson Fall Today s music: Check Yo Self by Ice Cube

MoreIntro_annotated.v. MoreIntro_annotated.v. Printed by Zach Tatlock. Oct 04, 16 21:55 Page 1/10

Infinite Objects and Proofs 1

CIS 500 Software Foundations. Midterm I. (Standard and advanced versions together) October 1, 2013 Answer key

CIS 500: Software Foundations

CIS 500: Software Foundations

Inductive data types

Introduction to dependent types in Coq

MoreIntro.v. MoreIntro.v. Printed by Zach Tatlock. Oct 07, 16 18:11 Page 1/10. Oct 07, 16 18:11 Page 2/10. Monday October 10, 2016 lec02/moreintro.

Introduction to Co-Induction in Coq

CIS 500: Software Foundations

Theorem Proving Principles, Techniques, Applications Recursion

CS 456 (Fall 2018) Scribe Notes: 2

Inductive data types (I)

Coq in a Hurry. Yves Bertot

Programming with (co-)inductive types in Coq

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

Inductive Definitions, continued

A Coq tutorial for confirmed Proof system users

Now that we have keys defined for the maps, we can start talking about maps. The first of these are Total Maps. Total Maps are defined as follows:

Logic and Computation Lecture 20 CSU 290 Spring 2009 (Pucella) Thursday, Mar 12, 2009

Inductive prod (A B : Set) : Set := pair : A -> B -> prod A B. Inductive sum (A B : Set) : Set := inl : A -> sum A B inr : B -> sum A B.

Introduction to the Coq proof assistant First part

Certified Programming with Dependent Types

Fall Recursion and induction. Stephen Brookes. Lecture 4

Functional Programming in Coq. Nate Foster Spring 2018

Analysis of dependent types in Coq through the deletion of the largest node of a binary search tree

10 Years of Partiality and General Recursion in Type Theory

CS3110 Spring 2017 Lecture 9 Inductive proofs of specifications

3 Pairs and Lists. 3.1 Formal vs. Informal Proofs

Programming with dependent types: passing fad or useful tool?

Types Summer School Gothenburg Sweden August Dogma oftype Theory. Everything has a type

Expr_annotated.v. Expr_annotated.v. Printed by Zach Tatlock

LASER 2011 Summerschool Elba Island, Italy Basics of COQ

Ideas over terms generalization in Coq

Coq, a formal proof development environment combining logic and programming. Hugo Herbelin

Intrinsically Typed Reflection of a Gallina Subset Supporting Dependent Types for Non-structural Recursion of Coq

August 5-10, 2013, Tsinghua University, Beijing, China. Polymorphic types

SOFTWARE VERIFICATION AND COMPUTER PROOF (lesson 1) Enrico Tassi Inria Sophia-Antipolis

4 Programming with Types

Coq in a Hurry. Yves Bertot. To cite this version: HAL Id: inria v6

Coq in a Hurry. Yves Bertot. October 2008

CIS 194: Homework 8. Due Wednesday, 8 April. Propositional Logic. Implication

Functional Programming with Isabelle/HOL

Coq. LASER 2011 Summerschool Elba Island, Italy. Christine Paulin-Mohring

15 212: Principles of Programming. Some Notes on Continuations

Programming Languages Fall 2014

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 12

Advanced Features: Type Classes and Relations

Lecture Notes on Induction and Recursion

Vector Clocks in Coq

Induction Schemes. Math Foundations of Computer Science

Heq: a Coq library for Heterogeneous Equality

Fall 2018 Lecture N

The Worker/Wrapper Transformation

Adam Chlipala University of California, Berkeley ICFP 2006

Lecture 14: Recursive Types

Structures in Coq January 27th 2014

Combining Programming with Theorem Proving

Catamorphism Generation and Fusion Using Coq

Ruby Extension Library Verified using Coq Proof-assistant

CSE 20 DISCRETE MATH WINTER

Coq with Classes. Matthieu Sozeau. Journées PPS 2011 September 5th 2011 Trouville, France. Project Team πr 2 INRIA Paris

Static and User-Extensible Proof Checking. Antonis Stampoulis Zhong Shao Yale University POPL 2012

CS 11 Ocaml track: lecture 2

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

Equations: a tool for dependent pattern-matching

On a few open problems of the Calculus of Inductive Constructions and on their practical consequences

CMSC 330: Organization of Programming Languages. Functional Programming with Lists

The Coq Proof Assistant A Tutorial

Formalizing inference systems in Coq by means of type systems for Curry

Introduction to Coq Proof Assistant

CS 61A Interpreters, Tail Calls, Macros, Streams, Iterators. Spring 2019 Guerrilla Section 5: April 20, Interpreters.

A CONSTRUCTIVE SEMANTICS FOR REWRITING LOGIC MICHAEL N. KAPLAN

Logical Verification Course Notes. Femke van Raamsdonk Vrije Universiteit Amsterdam

A Simple Supercompiler Formally Verified in Coq

A constructive denotational semantics for Kahn networks in Coq

Introduction to OCaml

Mathematics for Computer Scientists 2 (G52MC2)

CS3110 Spring 2017 Lecture 8 Specifications continued

Recursion and Induction

type classes & locales

L04_in_class.v. L04_in_class.v. Printed by Zach Tatlock

Problem Set CVO 103, Spring 2018

Programming and Proving in Isabelle/HOL

Built-in Module BOOL. Lecture Note 01a

The University of Nottingham

The Worker/Wrapper Transformation

The Coq Proof Assistant A Tutorial

An intuitionistic proof of a discrete form of the Jordan Curve Theorem formalized in Coq with combinatorial hypermaps

Bidirectional Certified Programming

Lecture 6: Sequential Sorting

Formalization of Array Combinators and their Fusion Rules in Coq

Coq Summer School, Session 9 : Dependent programs with logical parts. Pierre Letouzey

Programming and Reasonning with PowerLists in Coq. Virginia Niculescu. Rapport n o RR

CMSC 330, Fall 2013, Practice Problems 3

Concrete Semantics. A Proof Assistant Approach. Tobias Nipkow Fakultät für Informatik Technische Universität München

Cornell University 12 Oct Solutions. (a) [9 pts] For each of the 3 functions below, pick an appropriate type for it from the list below.

Week 5 Tutorial Structural Induction

Transcription:

Induction in Coq Nate Foster Spring 2018

Review Previously in 3110: Functional programming in Coq Logic in Coq Curry-Howard correspondence (proofs are programs) Today: Induction in Coq

REVIEW: INDUCTION ON NATURAL NUMBERS AND LISTS

Structure of inductive proof Theorem: for all natural numbers n, P(n). Proof: by induction on n Case: n = 0 Show: P(0) Case: n = k+1 IH: P(k) Show: P(k+1) QED

Sum to n let rec sum_to n = if n=0 then 0 else n + sum_to (n-1) Theorem: for all natural numbers n, sum_to n = n * (n+1) / 2. Proof: by induction on n nx i=0 i P(n) (sum_to n = n * (n+1) / 2)

Base case let rec sum_to n = if n=0 then 0 else n + sum_to (n-1) Case: n = 0 Show: P(0) sum_to 0 = 0 * (0+1) / 2 0 = 0 * (0+1) / 2 0 = 0

Inductive case let rec sum_to n = if n=0 then 0 else n + sum_to (n-1) Case: n = k+1 IH: P(k) sum_to k = k * (k+1) / 2 Show: P(k+1) sum_to (k+1) = (k+1) * (k+2) / 2 (k+1) + sum_to (k+1-1) = (k+1) * (k+2) / 2 (k+1) + sum_to k = (k+1) * (k+2) / 2 (k+1) + k * (k+1) / 2 = (k+1) * (k+2) / 2 and that holds by algebraic reasoning QED

Structure of inductive proof Theorem: for all natural numbers n, P(n). Proof: by induction on n Case: n = 0 Show: P(0) Case: n = k+1 IH: P(k) Show: P(k+1) QED

Structure of inductive proof Theorem: for all lists lst, P(lst). Proof: by induction on lst Case: lst = [] Show: P([]) Case: lst = h::t IH: P(t) Show: P(h::t) QED

Append nil let rec (@) lst1 lst2 = match lst1 with [] -> lst2 h::t -> h :: (t @ lst2) Theorem: for all lists lst, lst @ [] = lst. Proof: by induction on lst P(lst) lst @ [] = lst

Base case let rec (@) lst1 lst2 = match lst1 with [] -> lst2 h::t -> h :: (t @ lst2) Case: lst = [] Show: P([]) [] @ [] = [] [] = []

Inductive case let rec (@) lst1 lst2 = match lst1 with [] -> lst2 h::t -> h :: (t @ lst2) P(lst) lst @ [] = lst Case: lst = h::t IH: P(t) t @ [] = t Show: P(h::t) (h::t) @ [] = h::t h::(t @ []) = h::t h::t = h::t QED

Append nil in Coq Theorem app_nil : forall (A:Type) (lst : list A), lst ++ nil = lst. Proof. intros A lst. induction lst as [ h t IH]. - trivial. - simpl. rewrite -> IH. trivial. Qed.

Append nil in Coq Theorem app_nil : forall (A:Type) (lst : list A), lst ++ nil = lst. Proof. intros A lst. induction lst as [ h t IH]. - trivial. - simpl. rewrite -> IH. trivial. Qed. rewrite -> tactic replaces LHS of equality with RHS ++ is append operator in Coq base case: nothing to name inductive case: name head, tail, and inductive hypothesis

Append is associative Theorem app_assoc : forall (A:Type) (l1 l2 l3 : list A), l1 ++ (l2 ++ l3) = (l1 ++ l2) ++ l3. Proof. intros A l1 l2 l3. induction l1 as [ h t IH]. - trivial. - simpl. rewrite -> IH. trivial. Qed.

INDUCTION ON NATS

Inductive types induction works on inductive types, e.g. Inductive list (A : Type) : Type := nil : list A cons : A -> list A -> list A Need an inductive definition of natural numbers

Naturals Inductive nat : Set := O : nat (* zero *) S : nat -> nat (* succ *) type nat = O S of nat 0 is O 1 is S O 2 is S (S O) 3 is S (S (S O)) unary representation Peano arithmetic

Induction on nat(ural)s Theorem: for all n:nat, P(n) Proof: by induction on n Theorem: for all naturals n, P(n) Proof: by induction on n Case: n = O Show: P(O) Case: n = 0 Show: P(0) Case: n = S k IH: P(k) Show: P(S k) Case: n = k+1 IH: P(k) Show: P(k+1) QED QED

Goal: redo this proof in Coq let rec sum_to n = if n=0 then 0 else n + sum_to (n-1) nx i=0 i Theorem: for all natural numbers n, sum_to n = n * (n+1) / 2. Proof: by induction on n

Defining sum_to Fixpoint sum_to (n:nat) : nat := if n = 0 then 0 else n + sum_to (n-1). Error: The term "n = 0" has type "Prop" which is not a (co-)inductive type. Fixpoint sum_to (n:nat) : nat := if n =? 0 then 0 else n + sum_to (n-1). Recursive definition of sum_to is ill-formed.... Recursive call to sum_to has principal argument equal to "n - 1" instead of a subterm of "n".

No infinite loops Fixpoint inf (x:nat) : nat := inf x. Recursive definition of inf is ill-formed.... Recursive call to inf has principal argument equal to "x" instead of a subterm of "x".

Why no infinite loops? In OCaml: # let rec inf x = inf x val inf : 'a -> 'b = <fun> By propositions-as-types, these are the same: 'a -> 'b A B What if A=True, B=False? Infinite loops prove False!

Defining sum_to Fixpoint sum_to (n:nat) : nat := match n with 0 => 0 S k => n + sum_to k end. sum_to is defined k is a subterm of n, because n = S k,

Sum to n in Coq Theorem sum_sq_no_div : forall n : nat, 2 * sum_to n = n * (n+1). Proof. intros n. induction n as [ k IH]. - trivial. - rewrite -> sum_helper. rewrite -> IH. ring. Qed. tactic that finds proofs for algebraic equations on rings base case: nothing to name inductive case: name inner nat and inductive hypothesis

Helper theorem Lemma and Theorem are synonymous Lemma sum_helper : forall n : nat, 2 * sum_to (S n) = 2 * S n + 2 * sum_to n. Proof. intros n. simpl. ring. Qed.

Induction and recursion Intense similarity between inductive proofs and recursive functions on variants In proofs: one case per constructor In functions: one pattern-matching branch per constructor In proofs: uses IH on "smaller" value In functions: uses recursive call on "smaller" value Proofs = programs Inductive proofs = recursive programs

Upcoming events [next Tuesday] Prelim II [next Wednesday] A5 out [next Friday] Yaron Minsky talk

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback