During this session, we shall present how the type system of Coq allows us to define specifications using inductive declarations.

Simple inductive definitions
- The first line expresses that we are defining a predicate
- The second and third lines give ways to prove instances of this predicate
- even0 and evenS can be used like theorems
- They are called constructors
- even, even0, evenS and even_ind are defined by this definition
Using constructors as theorems

Meaning of constructors
- The arrow in constructors is an implication
- Goal-directed proof works by backward chaining
- The operational meaning in proofs walks the arrow backwards
- Unlike the symbol => in function definitions
- Premises of constructors should be 'simpler' than conclusions
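The predicate these slides refer to, written out in Coq as an added example (not the slides' own code; the definition of even is assumed to be the one the slides show), with the constructors used forwards as theorems and backwards by apply:

```coq
(* Added example, not the slides' own code: the even predicate with the two
   constructors named on the slides, then the constructors used as theorems.
   The definition is assumed to match the one shown on the slides. *)
Inductive even : nat -> Prop :=         (* first line: a predicate on nat *)
  | even0 : even 0                      (* second line: 0 is even *)
  | evenS : forall n : nat, even n -> even (S (S n)).  (* third line *)

(* Coq has now defined even, even0, evenS and even_ind. *)
Check even0.   (* even0 : even 0 *)
Check evenS.   (* evenS : forall n : nat, even n -> even (S (S n)) *)
Check even_ind.

(* Forward use: constructors applied like theorems to build a proof term. *)
Definition even_4 : even 4 := evenS 2 (evenS 0 even0).

(* Backward chaining: apply walks the arrow of evenS backwards, so the goal
   even 4 is reduced to the simpler premise even 2, then even 0. *)
Lemma even_4' : even 4.
Proof.
  apply evenS.   (* goal: even 2 *)
  apply evenS.   (* goal: even 0 *)
  apply even0.
Qed.

(* No chain of constructors reaches 1, so inversion on even 1 closes the goal. *)
Lemma not_even_1 : ~ even 1.
Proof. intro H. inversion H. Qed.
```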
Meaning of the inductive definition
- Not just any relation such that the constructors are verified
- The smallest one
- For every other predicate P such that formulas similar to the constructors hold, the inductive predicate implies P

    forall P : nat -> Prop,
      (P 0) ->                                    (* as in even0 *)
      (forall n : nat, P n -> P (S (S n))) ->     (* as in evenS *)
      forall k : nat, even k -> P k
Minimality and induction principle
- The induction principle can be derived from minimality
- Tip: proving P n /\ even n using minimality gives induction
- For every true statement of even n, there exists a proof done solely with constructors
- The induction principle can be used to establish consequences of the inductive predicate

Example proof with induction principle
- Patterned after constructors
- Induction hypotheses for premises that are instances of the inductive predicate
- Hypothesis H was even n
- Three copies of exists k, n = 2 * k have been generated
- n has been replaced by 0, n, and S (S n)
- Values taken from the constructors of even
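The minimality statement and the example proof above, carried out in Coq as an added example (not the slides' own code; the definition of even is assumed to match the slides', and lia is used for the final arithmetic step):

```coq
(* Added example, not the slides' own code: minimality of even as a lemma
   (its statement is what Coq generates as even_ind), and the proof of
   exists k, n = 2 * k patterned after the constructors. The definition of
   even is assumed to match the slides'. *)
Require Import Lia.

Inductive even : nat -> Prop :=
  | even0 : even 0
  | evenS : forall n : nat, even n -> even (S (S n)).

(* Minimality: even is below every P closed under the constructors. *)
Lemma even_minimal :
  forall P : nat -> Prop,
    P 0 ->                                   (* as in even0 *)
    (forall n : nat, P n -> P (S (S n))) ->  (* as in evenS *)
    forall k : nat, even k -> P k.
Proof.
  intros P H0 HS k Hk.
  induction Hk as [| n Hn IH].             (* one case per constructor *)
  - exact H0.
  - apply HS. exact IH.
Qed.

(* Using the induction principle: the hypothesis H : even n is replaced by
   three copies of the goal, with n replaced by 0, m and S (S m). *)
Lemma even_double : forall n : nat, even n -> exists k : nat, n = 2 * k.
Proof.
  intros n H.
  induction H as [| m Hm IH].
  - exists 0. reflexivity.                 (* 0 = 2 * 0 by computation *)
  - destruct IH as [k Hk].                 (* Hk : m = 2 * k *)
    exists (S k).
    rewrite Hk.                            (* S (S (2 * k)) = 2 * S k *)
    lia.
Qed.
```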
A relation already used in previous lectures
The ≤ relation on nat is defined by means of an inductive predicate:
The proposition (le n m) is denoted by n <= m.
n is called a parameter of the previous definition.
It is used in a stable manner throughout the definition: every occurrence of le has n as first argument.

Reasoning with inductive predicates
Use constructors as introduction rules.

The induction principle for le
In order to prove that for every p > n, P p, prove:
- P n
- for any m > n, if P m holds, then P (S m) holds.

Use induction or destruct as elimination tactics.
We recognize the scheme: p <= q -> P q where P q is n <= q.
Thus, the base case is n <= p and the inductive step is forall q, p <= q -> n <= q -> n <= S q.

The tactic constructor tries to make the goal progress by applying a constructor.
Constructors are tried in the order of the inductive type definition.
Constructing induction principles
- Parameterless arity: nat -> Prop
- Parameter-bound predicate: le n
- Quantify over the parameters, then over a predicate with parameterless arity:
    forall n : nat, forall P : nat -> Prop,
- Process each constructor, add an epilogue

Process each constructor
- Abstract over the parameter-bound predicate
    for le_n : le n n                              fun X : nat -> Prop => X n
    for le_S : forall m, le n m -> le n (S m)      fun X => forall m, X m -> X (S m)
- Duplicate instances of X in premises, with a new variable
    for le_n : le n n                              fun X Y : nat -> Prop => X n
    for le_S : forall m, le n m -> le n (S m)      fun X Y => forall m, Y m -> X m -> X (S m)
- Instantiate X with P, Y with le n (the parameter-bound predicate)

Adding an epilogue
- Express that every object that satisfies the parameter-bound predicate also satisfies the property P
    forall m : nat, le n m -> P m
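The le definition, the two reasoning modes (constructor as introduction, induction as elimination) and the hand-built induction principle from the slides above, as an added Coq example (not the slides' own code; le is redefined in a module named MyLe so that Coq's predefined le is left alone):

```coq
(* Added example, not the slides' own code: le redefined with n as a
   parameter inside a module (so Coq's own le is untouched), the constructor
   tactic, induction on a hypothesis p <= q, and the induction principle
   rebuilt by hand following the recipe above. *)
Module MyLe.

(* n is a parameter: every occurrence of le below has n as first argument. *)
Inductive le (n : nat) : nat -> Prop :=
  | le_n : le n n
  | le_S : forall m : nat, le n m -> le n (S m).

(* Introduction: constructor tries le_n, then le_S, at each step. *)
Lemma le_2_4 : le 2 4.
Proof. repeat constructor. Qed.

(* Elimination: induction on H : le p q; here P q is le n q, so the base
   case is le n p and the step goes from le n q to le n (S q). *)
Lemma le_trans : forall n p q : nat, le p q -> le n p -> le n q.
Proof.
  intros n p q H Hnp.
  induction H as [| r Hpr IH].
  - exact Hnp.                (* base case: le n p *)
  - apply le_S. exact IH.     (* inductive step: le n r -> le n (S r) *)
Qed.

(* The recipe: quantify over the parameter n, then over a predicate P of
   parameterless arity, one premise per constructor, then the epilogue. *)
Lemma le_ind_by_hand :
  forall (n : nat) (P : nat -> Prop),
    P n ->                                         (* from le_n *)
    (forall m : nat, le n m -> P m -> P (S m)) ->  (* from le_S *)
    forall m : nat, le n m -> P m.                 (* epilogue *)
Proof.
  intros n P Hn HS m H.
  induction H as [| k Hnk IH].
  - exact Hn.
  - apply HS; assumption.
Qed.

(* Coq generated the same statement automatically. *)
Check le_ind.

End MyLe.
```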
Logical connectives as inductive definitions
Most logical connectives are defined using inductive types:
- Conjunction /\
- Disjunction \/
- Existential quantification ∃
- Equality
- Truth and False
Notable exceptions: implication, negation.
Let us revisit the 3rd and 4th lectures.

Logical connectives: conjunction
Conjunction is a pair:
- Term (and A B) is denoted (A /\ B).
- Prove a conjunction goal with the split tactic (generates two subgoals).
- Use a conjunction hypothesis with the destruct as [...] tactic.

Logical connectives: disjunction
Disjunction is an inductive type with two constructors:
- Term (or A B) is denoted (A \/ B).
- Prove a disjunction with the left, right tactics (choose the side to prove).
- Use a disjunction hypothesis with the case or destruct as [...|...] tactics.

Logical connectives: existential quantification
Existential quantification is a pair:
- The term ex A (fun x => P x) is denoted exists x, P x.
- Prove an existential goal with the exists tactic.
- Use an existential hypothesis with the destruct as [...] tactic.

Equality
The built-in (predefined) equality relation in Coq is a parametric inductive type:
- Term eq A x y is denoted (x = y)
- The induction principle is:
- Use an equality hypothesis with the rewrite [<-] tactic (uses eq_ind)
- Remember equality is computation compliant! Because + is a program.
- Prove trivial equalities (modulo computation) using the reflexivity tactic.

Truth
The [truth] is a proposition that can be proved under any assumption, in any context. Hence it should not require any argument or parameter.
Its induction principle is:
which is not of much help...

Falsehood
Falsehood should be a proposition of which no proof can be built (in an empty context).
In Coq, this is encoded by an inductive type with no constructor:
coming with the induction principle:
often referred to as ex falso quodlibet.
- To prove a False goal, often apply a negation hypothesis.
- To use a hypothesis H : False, use destruct H.
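The connectives of the last few slides as inductive definitions, with their induction principles and the tactics listed, as an added Coq example (not the slides' own code; the definitions are placed in a module named Connectives so Coq's predefined ones are untouched, and the lemmas below use the predefined connectives):

```coq
(* Added example, not the slides' own code: the connectives as inductive
   types inside a module (Coq's predefined ones stay untouched), then the
   listed tactics used on Coq's own connectives. *)
Module Connectives.
  Inductive and (A B : Prop) : Prop := conj : A -> B -> and A B.
  Inductive or (A B : Prop) : Prop :=
    | or_introl : A -> or A B
    | or_intror : B -> or A B.
  Inductive ex (A : Type) (P : A -> Prop) : Prop :=
    ex_intro : forall x : A, P x -> ex A P.
  Inductive eq (A : Type) (x : A) : A -> Prop := eq_refl : eq A x x.
  Inductive True : Prop := I.
  Inductive False : Prop := .          (* no constructor at all *)
  Check eq_ind.    (* P x -> forall y, eq A x y -> P y (names aside) *)
  Check True_ind.  (* forall P : Prop, P -> True -> P: not much help *)
  Check False_ind. (* forall P : Prop, False -> P: ex falso quodlibet *)
End Connectives.

Lemma and_comm' : forall A B : Prop, A /\ B -> B /\ A.
Proof.
  intros A B H. destruct H as [HA HB].   (* take the pair apart *)
  split. exact HB. exact HA.             (* two subgoals *)
Qed.

Lemma or_comm' : forall A B : Prop, A \/ B -> B \/ A.
Proof.
  intros A B H. destruct H as [HA | HB]. (* one case per constructor *)
  - right. exact HA.
  - left. exact HB.
Qed.

Lemma ex_shift : (exists n : nat, n = 3) -> exists m : nat, m + 1 = 4.
Proof.
  intros H. destruct H as [n Hn].        (* witness n and proof Hn *)
  exists n. rewrite Hn. reflexivity.     (* 3 + 1 = 4 by computation *)
Qed.

(* To prove False, apply a negation hypothesis; to use H : False, destruct it. *)
Lemma neg_use : forall P : Prop, ~ P -> P -> False.
Proof. intros P HnP HP. apply HnP. exact HP. Qed.

Lemma ex_falso' : forall P : Prop, False -> P.
Proof. intros P H. destruct H. Qed.
```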
A toy programming language

A type for the variables
Note: if you wanted an infinite number of variables, you would have written:
    Inductive toy_Var : Set := toy_Var (label : nat).
or
    Require Import String.
    Inductive toy_Var : Set := toy_Var (name : string).

Expressions
We associate a constructor to each way of building an expression:
- integer constants
- variables
- application of a binary operation

Statements
We can define the predicate [the variable v appears in the expression e]:
Constructors are between [|] and [:].
For proving that some given variable is assigned in some given statement, just apply (a finite number of times) the constructors.
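A complete version of the toy language, as an added Coq example (not the slides' own code: the slides' definitions are not reproduced here, so the variable names A, B, C, the operator and statement constructors, and the predicate names appears and assigned are all assumptions):

```coq
(* Added example, not the slides' own code. The definitions on the slides are
   not reproduced here, so the variable names, operator and statement
   constructors and the predicate names below are assumptions. *)
Require Import ZArith.

Inductive toy_Var : Set := A | B | C.            (* finitely many variables *)
Inductive toy_Op : Set := OpAdd | OpSub | OpMul.

(* One constructor per way of building an expression. *)
Inductive toy_Expr : Set :=
  | Const (n : Z)                               (* integer constant *)
  | Var (v : toy_Var)                           (* variable *)
  | Bin (op : toy_Op) (e1 e2 : toy_Expr).       (* binary operation *)

Inductive toy_Stmt : Set :=
  | Skip
  | Assign (v : toy_Var) (e : toy_Expr)
  | Seq (s1 s2 : toy_Stmt)
  | If (c : toy_Expr) (s1 s2 : toy_Stmt).

(* [v appears in e]: v is a parameter, constructors sit between | and : *)
Inductive appears (v : toy_Var) : toy_Expr -> Prop :=
  | app_var : appears v (Var v)
  | app_left : forall op e1 e2, appears v e1 -> appears v (Bin op e1 e2)
  | app_right : forall op e1 e2, appears v e2 -> appears v (Bin op e1 e2).

(* [v is assigned in s], one constructor per place an assignment can sit *)
Inductive assigned (v : toy_Var) : toy_Stmt -> Prop :=
  | asg_here : forall e, assigned v (Assign v e)
  | asg_seq1 : forall s1 s2, assigned v s1 -> assigned v (Seq s1 s2)
  | asg_seq2 : forall s1 s2, assigned v s2 -> assigned v (Seq s1 s2)
  | asg_if1 : forall c s1 s2, assigned v s1 -> assigned v (If c s1 s2)
  | asg_if2 : forall c s1 s2, assigned v s2 -> assigned v (If c s1 s2).

(* Constructed program: A := 1; if B then C := A + 2 else skip *)
Definition prog : toy_Stmt :=
  Seq (Assign A (Const 1%Z))
      (If (Var B) (Assign C (Bin OpAdd (Var A) (Const 2%Z))) Skip).

(* Apply constructors a finite number of times: seq2, then if1, then here. *)
Lemma C_assigned : assigned C prog.
Proof. apply asg_seq2. apply asg_if1. apply asg_here. Qed.

(* Or let constructor try them in declaration order at each step. *)
Lemma A_appears : appears A (Bin OpAdd (Var A) (Const 2%Z)).
Proof. repeat constructor. Qed.
```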