SlideShare ist ein Scribd-Unternehmen logo

Coq Tutorial at Proof Summit 2011

T
tmiya
Technologie
1 von 82
Downloaden Sie, um offline zu lesen
Proof Summit 2011 Coq @tmiya September 25, 2011 @tmiya : Coq , 1
0. Coq Coq Coq Coq • • Coq • • @tmiya : Coq , 2
1. Coq Lightweight • ( ) • • • • • • ( ) • • • or @tmiya : Coq , 3
1. Coq Coq INRIA OCaml CIC = Calculus of Inductive Construction tactic tactic Coq Coq OCaml, Haskell, Scheme @tmiya : Coq , 4
2. Coq Coq Coqtop, CoqIDE CUI Coqtop / : % coqtop Welcome to Coq 8.3pl1 (December 2010) Coq < Eval compute in (2+3). = 5 : nat Coq < Quit. % Coq CoqIDE coqide @tmiya : Coq , 5
2. Coq Proof General : emacs Proof General ~/.emacs (load-file "***/ProofGeneral/generic/proof-site.el") proof-site.el Coq (*.v) Proof General @tmiya : Coq , 6
3. Coq Coq < Definition x := 1. (* x *) x is defined (* := *) Coq < Check x. (* x *) x : nat (* nat = *) Coq < Print x. (* x *) x = 1 : nat Coq < Definition x := 2. (* x *) Error: x already exists (* --> *) Reset x. Module ( ) @tmiya : Coq , 7
3. Coq 1 2 Coq < Definition f x y := x - y. (* f *) f is defined Coq < Check f. f : nat -> nat -> nat (* nat->(nat->nat) *) Coq < Definition f’ := f 3. (* f’ y = f 3 y *) f’ is defined Coq < Check f’. f’ : nat -> nat (* nat nat *) Coq < Eval compute in (f’ 1). (* f’ 1 = f 3 1 = 2 *) = 2 : nat ( @tmiya : Coq , 8
3. Coq Coq < Check (fun x => 2 * x). (* *) fun x : nat => 2 * x : nat -> nat Coq < Eval compute in ((fun x => 2 * x) 3). = 6 : nat Coq < Definition double := (fun x => 2 * x). double is defined (* double *) Coq . @tmiya : Coq , 9
3. Coq Coq < Definition twice(f:nat->nat):nat->nat := Coq < fun x => f (f x). twice is defined Coq < Definition add5(x:nat) := x + 5. add5 is defined Coq < Definition twice_add5 := twice add5. twice_add5 is defined Coq < Eval compute in (twice_add5 2). = 12 : nat @tmiya : Coq , 10
3.1. int, float Coq nat ( ) Weekday Coq < Inductive Weekday : Set := Coq < Sun | Mon | Tue | Wed | Thr | Fri | Sat. Coq < Check Sun. Sun (* Sun *) : Weekday (* Weekday *) Coq < Check Weekday. Weekday (* *) : Set (* Set *) Set @tmiya : Coq , 11
3.1. ( ) Coq < Definition nextday d := Coq < match d with Coq < | Sun => Mon : (* *) Coq < | Sat => Sun Coq < end. nextday is defined Coq < Check nextday. nextday (* *) : Weekday -> Weekday Coq < Eval compute in (nextday Mon). (* *) prevday @tmiya : Coq , 12
3.1. Bool Coq < Inductive Bool : Set := Coq < | tru : Bool Coq < | fls : Bool. Coq < Definition And(b1 b2:Bool):Bool := Coq < match b1,b2 with Coq < | tru,tru => tru Coq < | _,_ => fls Coq < end. Or, Not Eval @tmiya : Coq , 13
3.1. bool ( ) bool Coq < Print bool. Coq < Print andb. Coq < Print orb. Coq < Print negb. bool Coq < Print unit. @tmiya : Coq , 14
3.1. De Morgan (1) Coq < Theorem De_Morgan_1 : forall b1 b2, Coq < Not (And b1 b2) = Or (Not b1) (Not b2). 1 subgoal ============================ forall b1 b2 : Bool, Not (And b1 b2) = Or (Not b1) (Not b2) De_Morgan_1 < intros. 1 subgoal (* b1 b2 *) b1 : Bool b2 : Bool ============================ Not (And b1 b2) = Or (Not b1) (Not b2) @tmiya : Coq , 15
3.1. De Morgan (2) De_Morgan_1 < destruct b1; destruct b2. 4 subgoals (* b1 b2 *) ============================ Not (And tru tru) = Or (Not tru) (Not tru) subgoal 2 is: Not (And tru fls) = Or (Not tru) (Not fls) subgoal 3 is: Not (And fls tru) = Or (Not fls) (Not tru) subgoal 4 is: Not (And fls fls) = Or (Not fls) (Not fls) @tmiya : Coq , 16
3.1. De Morgan (3) De_Morgan_1 < simpl. 4 subgoals (* *) ============================ fls = fls (* *) De_Morgan_1 < reflexivity. 3 subgoals (* = *) ============================ Not (And tru fls) = Or (Not tru) (Not fls) subgoal 2 is: Not (And fls tru) = Or (Not fls) (Not tru) subgoal 3 is: Not (And fls fls) = Or (Not fls) (Not fls) @tmiya : Coq , 17
3.1. De Morgan (4) De_Morgan_1 < simpl; reflexivity. De_Morgan_1 < simpl; reflexivity. De_Morgan_1 < simpl; reflexivity. Proof completed. De_Morgan_1 < Qed. intros. destruct b1; destruct b2. simpl in |- *. reflexivity. simpl in |- *; reflexivity. simpl in |- *; reflexivity. simpl in |- *; reflexivity. De_Morgan_1 is defined Not (Or b1 b2) = And (Not b1) (Not b2) @tmiya : Coq , 18
3.1. 1. Yes, Maybe, No Bool3 2. Bool3 And3, Or3, Not3 3. ( ) De Morgan @tmiya : Coq , 19
3.2. nat nat ( ) Coq < Print nat. Inductive nat : Set := O : nat | S : nat -> nat O( O) 0 S nat nat Peano Coq < Eval compute in (S (S (S O))). = 3 : nat S (S (S O)) Coq 3 @tmiya : Coq , 20
3.2. nat n Coq < Fixpoint add(n m:nat):nat := Coq < match n with Coq < | O => m Coq < | S n’ => S (add n’ m) Coq < end. add is recursively defined (decreasing on 1st argument) Fixpoint ( O) 0 S nat 1 nat Peano Coq < Eval compute in (add (S (S O)) (S O)). = 3 : nat (call-by-value) @tmiya : Coq , 21
3.2. nat _,_ OK Coq < Fixpoint eq_nat(n m:nat):bool := Coq < match n,m with Coq < | O,O => true Coq < | S n’, S m’ => eq_nat n’ m’ Coq < | _,_ => false Coq < end. Coq < Eval compute in (eq_nat 3 3). le_nat le_nat n m n≤m Coq ( ) @tmiya : Coq , 22
3.2. Coq ( ) n ({struct n} Coq ) Coq < Fixpoint add’(n m:nat){struct n} := Coq < match n with Coq < | O => m Coq < | S n’ => S (add’ n’ m) Coq < end. add’ is recursively defined (decreasing on 1st argument) add’ 2 3 add’ add’ (S (S O)) 3 = S (add’ (S O) 3) = S (S (add’ O 3)) = S (S 3) = 5. @tmiya : Coq , 23
3.2. ( ) Coq ( )( ) Coq ( Coq ) Coq ( ) (Coq ) Coq @tmiya : Coq , 24
3.2. 1. mul add 2. mul fact 3. sub n=0 sub 0 m = 0 4. div3 Eval Fixpoint div3(n:nat) := match n with | S (S (S n’)) => S (div3 n’) | _ => O end. sub div n m Coq ( ) @tmiya : Coq , 25
3.3. cond c vt vf c:bool true vt false vf vt, vf Set A Coq < Definition cond{A:Set}(c:bool)(vt vf:A) := Coq < match c with Coq < | true => vt Coq < | false => vf Coq < end. Coq < Eval compute in (cond true 2 3). = 2 : nat Coq < Eval compute in (cond false false true). = true : bool {A:Set} cond A ( ) Coq < Eval compute in (@cond nat false 2 3). @tmiya : Coq , 26
3.3. option ( ) null option (Haskell Maybe ) ( Coq sumor ) Coq < Print option. Inductive option (A : Type) : Type := Some : A -> option A | None : option A Definition option_map {A B:Type} (f:A->B)(o:option A) := match o with | Some a => Some (f a) | None => None end. Coq < Eval compute in (option_map (fun x => x + 1) (Some 1)). @tmiya : Coq , 27
3.3. prod sum prod A B A B prod A B A * B ( x , y , .. , z ) (pair .. (pair x y) .. z) Coq < Check (2,true,3). (2, true, 3) : nat * bool * nat prod fst, snd sum A B A B Coq < Definition test_sum (s:sum nat bool) := Coq < match s with Coq < | inl n => n Coq < | inr true => 1 Coq < | inr false => 0 Coq < end. prod, sum Curry-Howard @tmiya : Coq , 28
3.3. List List List :: cons Type Set (Check Set. ) Coq < Require Import List. Coq < Print list. Inductive list (A : Type) : Type := nil : list A | cons : A -> list A -> list A Coq < Check (1::2::nil). 1 :: 2 :: nil : list nat @tmiya : Coq , 29
3.3. List List List nil x::xs Coq < Fixpoint append{A:Type}(xs ys:list A):= Coq < match xs with Coq < | nil => ys Coq < | x::xs’ => x::(append xs’ ys) Coq < end. Coq < Eval compute in (append (1::2::nil) (3::4::nil)). Coq < Fixpoint olast{A:Type}(xs:list A):option A := Coq < match xs with Coq < | nil => None Coq < | a::nil => Some a Coq < | _::xs’ => olast xs’ Coq < end. Coq < Eval compute in (olast (1::2::3::nil)). @tmiya : Coq , 30
3.3. List 1. len{A:Type}(xs:list A):nat Eval compute in (len (1::2::3::nil)). 2. list bool true true all_true(xs:list bool):bool nil true 3. x Some x None ohead{A:Type}(xs:list A):option A 4. s, n s :: s+1 :: ... :: (s+n-1) :: nil nat_list(s n:nat):list nat 5. reverse{A:Type}(xs:list A):list A append @tmiya : Coq , 31
4. Bool De Morgan P Q ¬(P ∧ Q) ¬P ∨ ¬Q F F T T F T T T T F T T T T F F Bool, nat Inductive (nat O S n ) Coq Prop ( ) @tmiya : Coq , 32
4. P P ¬P ( ) ab a, b √ √ √ 2 1. a = b = 2 a, b ab = 2 √ √2 √ 2. ab √ a = √2 , b = 2 √ a, b √ 2 √2 √ 2 2 √ 2 ab = ( 2 ) = 2 = 2 =2 √ √ 2 2 (P) (~P) ab a, b ab a, b @tmiya : Coq , 33
4. ( ) Modus Ponens A A B B (Γ = ( ) ) Γ A Γ A → B (→ ) Γ B ( )→ Coq B Hab : A → B apply Hab. tactic A Ha : A exact Ha. @tmiya : Coq , 34
4. Coq tactic tactic assumption. exact H. trivial. ... H : A ... ------------------------ A exact . A∈Γ ( ) Γ A @tmiya : Coq , 35
4.1. → → A → B (CUI A -> B ) A intro Ha. tactic Ha : A B Coq ... Γ, A B (→ ) Γ A→B H1 → H2 → · · · → Hn → B intros H1 H2 ... Hn. intro intro. intros. Coq → Modus Ponens tactic apply . @tmiya : Coq , 36
4.1. → → (1) tactic Set P Prop P P P p : P ( Set, Prop Type ) Section imp_sample. Variables P Q R : Prop. Theorem imp_sample : (P -> (Q -> R)) -> (P -> Q) -> P -> R. 1 subgoal ============================ (P -> Q -> R) -> (P -> Q) -> P -> R === tactic → intro(s) @tmiya : Coq , 37
4.1. → → (2) → intros tactic intro(s) imp_sample < intros pqr pq p. 1 subgoal pqr : P -> Q -> R pq : P -> Q p : P ============================ R R pqr apply pqr. @tmiya : Coq , 38
4.1. → → (3) R apply pqr. pqr P -> Q -> P Q imp_sample < apply pqr. 2 subgoals pqr : P -> Q -> R pq : P -> Q p : P ============================ P subgoal 2 is: Q P assumption. @tmiya : Coq , 39
4.1. → → (4) P assumption. Q imp_sample < assumption. 1 subgoal pqr : P -> Q -> R pq : P -> Q p : P ============================ Q Q @tmiya : Coq , 40
4.1. → → (5) imp_sample < apply pq. 1 subgoal pqr : P -> Q -> R pq : P -> Q p : P ============================ P imp_sample < assumption. Proof completed. imp_sample < Qed. Qed. @tmiya : Coq , 41
4.2. ∧ ∧ (1) P ∧Q P Q pq : P / Q destruct pq as [p q]. tactic p : P q : Q destruct pq. p,q Coq P ∧Q P Q P ∧Q split. tactic P / Q P, Q Coq < Variable P Q R:Prop. Coq < Theorem and_assoc : (P/Q)/R -> P/(Q/R). 1 subgoal ============================ (P / Q) / R -> P / Q / R @tmiya : Coq , 42
4.2. ∧ ∧ (2) intro → ∧ and_assoc < intro pqr. 1 subgoal pqr : (P / Q) / R ============================ P / Q / R and_assoc < destruct pqr as [[p q] r]. 1 subgoal p : P q : Q r : R ============================ P / Q / R @tmiya : Coq , 43
4.2. ∧ ∧ (3) assumption ; tactic split assumption and_assoc < split. 2 subgoals ============================ P subgoal 2 is: Q / R and_assoc < assumption. 1 subgoal ============================ Q / R and_assoc < split; assumption. Proof completed. and_assoc < Qed. @tmiya : Coq , 44
4.3. ∨ ∨ (1) P ∨Q P Q pq : P / Q destruct pq as [pq].— tactic p : P q : Q destruct pq. p,q Coq P ∨Q P Q P ∨Q left. right. tactic P Q Coq < Variable P Q R:Prop. Coq < Theorem or_assoc : (P/Q)/R -> P/(Q/R). 1 subgoal ============================ (P / Q) / R -> P / Q / R @tmiya : Coq , 45
4.3. ∨ ∨ (2) intro → ∨ and_assoc < intro pqr. or_assoc < destruct pqr as [[p|q]|r]. 3 subgoals p : P ============================ P / Q / R subgoal 2 is: P / Q / R subgoal 3 is: P / Q / R @tmiya : Coq , 46
4.3. ∨ ∨ (3) assumption or_assoc < left. 3 subgoals p : P ============================ P or_assoc < assumption. 2 subgoals q : Q ============================ P / Q / R or_assoc < right; left. 2 subgoals q : Q ============================ Q OK @tmiya : Coq , 47
4.4. ¬ ¬ (1) ¬P P → False False Inductive False : Prop := ~P intro p. p : P False H : False elim H. np : ~P elim np. P (¬¬P P ) ( ) @tmiya : Coq , 48
4.4. ¬ ¬ (2) Coq < Theorem neg_sample : ~(P / ~P). 1 subgoal ============================ ~ (P / ~ P) neg_sample < intro. 1 subgoal H : P / ~ P ============================ False @tmiya : Coq , 49
4.4. ¬ ¬ (3) neg_sample < destruct H as [p np]. 1 subgoal p : P np : ~ P ============================ False neg_sample < elim np. p : P np : ~ P ============================ P neg_sample < assumption. Proof completed. @tmiya : Coq , 50
4.4. ¬ Variable A B C D:Prop. Theorem ex4_1 : (A -> C) / (B -> D) / A / B -> C / D. Theorem ex4_2 : ~~~A -> ~A. Theorem ex4_3 : (A -> B) -> ~B -> ~A. Theorem ex4_4 : ((((A -> B) -> A) -> A) -> B) -> B. Theorem ex4_5 : ~~(A/~A). @tmiya : Coq , 51
5. Curry-Howard Curry-Howard (1) Theorem imp_sample’ : (P -> (Q -> R)) -> (P -> Q) -> P -> R. imp_sample’ < intros pqr pq p. imp_sample’ < Check pq. pq : P -> Q imp_sample’ < Check (pq p). pq p : Q pq P -> Q P Q pq p Q @tmiya : Coq , 52
5. Curry-Howard Curry-Howard (2) pqr, pq, p R exact tactic imp_sample’ < Check (pqr p (pq p)). pqr p (pq p) : R imp_sample’ < exact (pqr p (pq p)). Proof completed. imp_sample Print Coq < Print imp_sample. imp_sample = fun (pqr : P -> Q -> R) (pq : P -> Q) (p : P) => pqr p (pq p) : (P -> Q -> R) -> (P -> Q) -> P -> R @tmiya : Coq , 53
5. Curry-Howard Curry-Howard (3) P P P→Q P -> Q Γ P ΓP→Q (→ ) pq p Γ Q Γ, P Q (→ ) pq (p:P):Q Γ P→Q P ∧Q prod { (P,Q) inl P P ∨Q sum inr Q Curry-Howard Curry-Howard = Coq @tmiya : Coq , 54
5. Curry-Howard Curry-Howard (4) Coq ( ) Java (P → Q → R) → (P → Q) → P → R interface Fun<A,B> { public B apply(A a); } public class P {} public class Q {} public class R {} public class Proof { public R imp_sample(Fun<P,Fun<Q,R>> pqr, Fun<P,Q> pq, P p) { return pqr.apply(p).apply(pq.apply(p)); } } (Java prod sum ¬ Java ) @tmiya : Coq , 55
6. a:A P a (∀a : A, P a) : forall (a:A), P a a:A P a (∃a : A, P a) : exists (a:A), P a Coq P a:A P a:Prop A -> Prop Coq a:A P : A → Prop Coq < Definition iszero(n:nat):Prop := Coq < match n with Coq < | O => True Coq < | _ => False Coq < end. iszero is defined @tmiya : Coq , 56
6. ∀ (1) forall intro(s) forall x:X x:X -> Coq < Theorem sample_forall : forall (X:Type)(P Q:X->Prop)(x:X), P x -> (forall y:X, Q y) -> (P x / Q x). ============================ forall (X : Type) (P Q : X -> Prop) (x : X), P x -> (forall y : X, Q y) -> P x / Q x sample_forall < intros X P Q x px Hqy. X : Type P : X -> Prop Q : X -> Prop x : X px : P x Hqy : forall y : X, Q y ============================ P x / Q x @tmiya : Coq , 57
6. ∀ (2) forall y:X y X sample_forall < split. (* P x Q x *) sample_forall < assumption. (* P x px *) 1 subgoal X : Type P : X -> Prop Q : X -> Prop x : X px : P x Hqy : forall y : X, Q y ============================ Q x sample_forall < apply (Hqy x). (* Hqy y x *) Proof completed. @tmiya : Coq , 58
6.2. ∃ ∃ (1) Coq < Theorem sample_exists : forall (P Q:nat->Prop), Coq < (forall n, P n) -> (exists n, Q n) -> Coq < (exists n, P n / Q n). sample_exists < intros P Q Hpn Hqn. 1 subgoal P : nat -> Prop Q : nat -> Prop Hpn : forall n : nat, P n Hqn : exists n : nat, Q n ============================ exists n : nat, P n / Q n @tmiya : Coq , 59
6.2. ∃ ∃ (2) exists destruct sample_exists < intros P Q Hpn Hqn. P : nat -> Prop Q : nat -> Prop Hpn : forall n : nat, P n Hqn : exists n : nat, Q n ============================ exists n : nat, P n / Q n sample_exists < destruct Hqn as [n’ qn’]. P : nat -> Prop Q : nat -> Prop Hpn : forall n : nat, P n n’ : nat qn’ : Q n’ ============================ exists n : nat, P n / Q n @tmiya : Coq , 60
6.2. ∃ ∃ (3) exists x:X x:X exists x. sample_exists < destruct Hqn as [n’ qn’]. : Hpn : forall n : nat, P n n’ : nat qn’ : Q n’ ============================ exists n : nat, P n / Q n sample_exists < exists n’. : Hpn : forall n : nat, P n n’ : nat qn’ : Q n’ ============================ P n’ / Q n’ (* *) @tmiya : Coq , 61
6.2. ∃ Theorem ex5_1 : forall (A:Set)(P:A->Prop), (~ exists a, P a) -> (forall a, ~P a). Theorem ex5_2 : forall (A:Set)(P Q:A->Prop), (exists a, P a / Q a) -> (exists a, P a) / (exists a, Q a). Theorem ex5_3 : forall (A:Set)(P Q:A->Prop), (exists a, P a) / (exists a, Q a) -> (exists a, P a / Q a). Theorem ex5_4 : forall (A:Set)(R:A->A->Prop), (exists x, forall y, R x y) -> (forall y, exists x, R x y). Theorem ex5_5 : forall (A:Set)(R:A->A->Prop), (forall x y, R x y -> R y x) -> (forall x y z, R x y -> R y z -> R x z) -> (forall x, exists y, R x y) -> (forall x, R x x). @tmiya : Coq , 62
6.3. = = (1) eq (= ) Inductive eq (A : Type) (x : A) : A -> Prop := refl_equal : x = x Coq (nat bool ) (nat O Sn ) (S m Sn m=n ) ============================ n = n apply (refl_equal n). tactic reflexivity. @tmiya : Coq , 63
6.3. = = (2) plus Print plus. tactic simpl. Coq < Theorem plus_0_l : forall n, 0 + n = n. plus_0_l < intro n. n : nat ============================ 0 + n = n plus_0_l < simpl. n : nat ============================ n = n plus_0_l < reflexivity. Proof completed. @tmiya : Coq , 64
6.4. (1) ∀n : nat, n + 0 = n simpl. ============================ n + 0 = n plus_0_r < simpl. ============================ n + 0 = n plus n m n n 1. n = 0 n+0=n 2. n = n n+0=n n=Sn n+0=n @tmiya : Coq , 65
6.4. (2) n induction n as [|n’]. induction n. tactic Coq nat_ind (P ) Coq < Check nat_ind. nat_ind : forall P : nat -> Prop, P 0 -> (forall n : nat, P n -> P (S n)) -> forall n : nat, P n nat_ind nat O : nat S : nat -> nat Inductive bool bool_ind bool_ind : forall P : bool -> Prop, P true -> P false -> forall b : bool, P b @tmiya : Coq , 66
6.4. (3) induction n as [|n’]. n 0 S n’ reflexivity. OK (simpl. ) Coq < Theorem plus_0_r : forall n:nat, n + 0 = n. plus_0_r < induction n as [|n’]. 2 subgoals ============================ 0 + 0 = 0 subgoal 2 is: S n’ + 0 = S n’ plus_0_r < reflexivity. 1 subgoal n’ : nat IHn’ : n’ + 0 = n’ ============================ S n’ + 0 = S n’ @tmiya : Coq , 67
6.4. (4) n = S n’ n = n’ IHn’ S n’ + 0 = S n’ simpl. plus S (n’ + 0)= S n’ IHn’ n’ + 0 n’ rewrite IHn’. rewrite ============================ S n’ + 0 = S n’ plus_0_r < simpl. IHn’ : n’ + 0 = n’ ============================ S (n’ + 0) = S n’ plus_0_r < rewrite IHn’. IHn’ : n’ + 0 = n’ ============================ S n’ = S n’ @tmiya : Coq , 68
6.4. :m + n = n + m SearchAbout Coq < SearchAbout plus. plus_n_O: forall n : nat, n = n + 0 plus_O_n: forall n : nat, 0 + n = n plus_n_Sm: forall n m : nat, S (n + m) = n + S m plus_Sn_m: forall n m : nat, S n + m = S (n + m) mult_n_Sm: forall n m : nat, n * m + n = n * S m rewrite ( rewrite <- plus_n_Sm n’ m. rewrite H. H rewrite <- H. ) Theorem plus_comm : forall m n:nat, m + n = n + m. @tmiya : Coq , 69
6.4. (5) nat list A Theorem length_app : forall (A:Type)(l1 l2:list A), length (l1 ++ l2) = length l1 + length l2. list cons induction l1 as [|a l1’]. ( induction l1.) induction ( l2) intro 1. intros A l1 l2. induction l1 as [|a l1’]. 2. intros A l1. induction l1 as [|a l1’]. intro l2. IHl1’ (Coqtop Undo. ) @tmiya : Coq , 70
6.4. : (1) List append reverse Require Import List. Fixpoint append{A:Type}(l1 l2:list A):= match l1 with | nil => l2 | a::l1’ => a::(append l1’ l2) end. Fixpoint reverse{A:Type}(l:list A):= match l with | nil => nil | a::l’ => append (reverse l’) (a::nil) end. Theorem reverse_reverse : forall (A:Type)(l:list A), reverse (reverse l) = l. @tmiya : Coq , 71
6.4. : (2) reverse_reverse Lemma append_nil : forall (A:Type)(l:list A), append l nil = l. Lemma append_assoc : forall (A:Type)(l1 l2 l3:list A), append (append l1 l2) l3 = append l1 (append l2 l3). Lemma reverse_append : forall (A:Type)(l1 l2:list A), reverse (append l1 l2) = append (reverse l2) (reverse l1). @tmiya : Coq , 72
7. (1) Coq nat minus(n m:nat) n≤m 0 n−m+m =n ( ) sub Definition sub(m n:nat)(H:le n m) : {x:nat|x+n=m}. 1. H n≤m n≤m 2. x = m−n x +n = m ( exists x:nat, x+n=m. ) @tmiya : Coq , 73
7. (2) Coq exists nat Arith Require Import Arith. (* Arith *) Definition sub(m n:nat)(H:le n m) : {x:nat|x+n=m}. m : nat n : nat H : n <= m ============================ {x : nat | x + n = m} m, n intro generalize dependent sub < generalize dependent m. sub < generalize dependent n. ============================ forall n m : nat, n <= m -> {x : nat | x + n = m} @tmiya : Coq , 74
7. (3) eapply, erewrite apply, rewrite Qed. Defined. m n H induction n as [|n’]. (* n=0. m - n = m - 0 = m. exists m *) intros m H. exists m. eapply plus_0_r. (* n=S n’ *) induction m as [|m’]; intro H. (* m=0. m - n = 0 - (S n’) < 0 *) assert(H’: ~(S n’ <= 0)). eapply le_Sn_0. elim H’. assumption. (* m=S m’. S m’- S n’ = m’ - n’. IHn’ *) assert(H’: n’ <= m’). eapply le_S_n. assumption. assert(IH: {x:nat|x+n’=m’}). eapply IHn’. assumption. destruct IH as [x IH]. exists x. erewrite <- plus_n_Sm. rewrite IH. reflexivity. Defined. @tmiya : Coq , 75
7. (4) sub Print sub. sub OCaml minus Coq < Extraction sub. (** val sub : nat -> nat -> nat **) let rec sub m = function | O -> m | S n0 -> (match m with | O -> assert false (* absurd case *) | S n1 -> let iH = sub n1 n0 in Obj.magic iH) OCaml H @tmiya : Coq , 76
7. (5) H Theorem le_2_5 : le 2 5. Proof. repeat eapply le_n_S. repeat constructor. Qed. Eval compute in (sub 5 2 le_2_5). (* *) Eval compute in (proj1_sig (sub 5 2 le_2_5)). (* = 3:nat *) {x|x+n=m} x proj1_sig @tmiya : Coq , 77
7. minus sub minus Definition sub’(m n:nat)(H:le n m) : {x:nat|x+n=m}. Proof. (* minus *) Defined. Coq 1. minus minus 2. minus sub’ 3. refine tactic (refine ) 4. sub @tmiya : Coq , 78
8. Coq tactic (auto, ring, omega ) (Arith, List, String ) Haskell, OCaml (inversion, refine ) tactic Module @tmiya : Coq , 79
8. Interactive Theorem Proving and Program Development. Coq’Art: The Calculus of Inductive Constructions, Yves Berrot and Pierre Casteran (Springer-Verlag) : Coq Certified Programming with Dependent Types, Adam Chlipala (http://adam.chlipala.net/cpdt/) : Coq 2010 III (http://www.math.nagoya-u.ac.jp/~garrigue/lecture/ 2010_AW/index.html) : Garrigue PDF Coq in a Hurry, Yves Bertot (http://cel.archives-ouvertes.fr/docs/00/47/ 58/07/PDF/coq-hurry.pdf) : 2nd Asian-Pacific Summer School on Formal Methods (http://formes.asia/cms/coqschool/2010) : @tmiya : Coq , 80
8. Coq ProofCafe Coq CPDT Coq IT Coq Ruby, Clojure, Scala, Javascript Coq Coq http://coq.g.hatena.ne.jp/keyword/ProofCafe @tmiya : Coq , 81
8. Formal Methods Forum Coq ( ) ( ) Google group Coq 2010 Certified Programming with Dependent Types Coq Google group (http://groups.google.co.jp/group/fm-forum) Coq @tmiya : Coq , 82

Empfohlen

zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...Alex Pruden
 
ZK Study Club: Sumcheck Arguments and Their Applications
ZK Study Club: Sumcheck Arguments and Their ApplicationsZK Study Club: Sumcheck Arguments and Their Applications
ZK Study Club: Sumcheck Arguments and Their ApplicationsAlex Pruden
 
The Ring programming language version 1.5.1 book - Part 44 of 180
The Ring programming language version 1.5.1 book - Part 44 of 180The Ring programming language version 1.5.1 book - Part 44 of 180
The Ring programming language version 1.5.1 book - Part 44 of 180Mahmoud Samir Fayed
 
zkStudy Club: Subquadratic SNARGs in the Random Oracle Model
zkStudy Club: Subquadratic SNARGs in the Random Oracle ModelzkStudy Club: Subquadratic SNARGs in the Random Oracle Model
zkStudy Club: Subquadratic SNARGs in the Random Oracle ModelAlex Pruden
 
The Ring programming language version 1.8 book - Part 53 of 202
The Ring programming language version 1.8 book - Part 53 of 202The Ring programming language version 1.8 book - Part 53 of 202
The Ring programming language version 1.8 book - Part 53 of 202Mahmoud Samir Fayed
 
The Ring programming language version 1.10 book - Part 56 of 212
The Ring programming language version 1.10 book - Part 56 of 212The Ring programming language version 1.10 book - Part 56 of 212
The Ring programming language version 1.10 book - Part 56 of 212Mahmoud Samir Fayed
 
Machine Learning Live
Machine Learning LiveMachine Learning Live
Machine Learning LiveMike Anderson
 
The Ring programming language version 1.9 book - Part 43 of 210
The Ring programming language version 1.9 book - Part 43 of 210The Ring programming language version 1.9 book - Part 43 of 210
The Ring programming language version 1.9 book - Part 43 of 210Mahmoud Samir Fayed
 

Empfohlen

zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...Alex Pruden
 
ZK Study Club: Sumcheck Arguments and Their Applications
ZK Study Club: Sumcheck Arguments and Their ApplicationsZK Study Club: Sumcheck Arguments and Their Applications
ZK Study Club: Sumcheck Arguments and Their ApplicationsAlex Pruden
 
The Ring programming language version 1.5.1 book - Part 44 of 180
The Ring programming language version 1.5.1 book - Part 44 of 180The Ring programming language version 1.5.1 book - Part 44 of 180
The Ring programming language version 1.5.1 book - Part 44 of 180Mahmoud Samir Fayed
 
zkStudy Club: Subquadratic SNARGs in the Random Oracle Model
zkStudy Club: Subquadratic SNARGs in the Random Oracle ModelzkStudy Club: Subquadratic SNARGs in the Random Oracle Model
zkStudy Club: Subquadratic SNARGs in the Random Oracle ModelAlex Pruden
 
The Ring programming language version 1.8 book - Part 53 of 202
The Ring programming language version 1.8 book - Part 53 of 202The Ring programming language version 1.8 book - Part 53 of 202
The Ring programming language version 1.8 book - Part 53 of 202Mahmoud Samir Fayed
 
The Ring programming language version 1.10 book - Part 56 of 212
The Ring programming language version 1.10 book - Part 56 of 212The Ring programming language version 1.10 book - Part 56 of 212
The Ring programming language version 1.10 book - Part 56 of 212Mahmoud Samir Fayed
 
Machine Learning Live
Machine Learning LiveMachine Learning Live
Machine Learning LiveMike Anderson
 
The Ring programming language version 1.9 book - Part 43 of 210
The Ring programming language version 1.9 book - Part 43 of 210The Ring programming language version 1.9 book - Part 43 of 210
The Ring programming language version 1.9 book - Part 43 of 210Mahmoud Samir Fayed
 
Clojure for Data Science
Clojure for Data ScienceClojure for Data Science
Clojure for Data ScienceMike Anderson
 
groovy databases
groovy databasesgroovy databases
groovy databasesPaul King
 
Next Generation Indexes For Big Data Engineering (ODSC East 2018)
Next Generation Indexes For Big Data Engineering (ODSC East 2018)Next Generation Indexes For Big Data Engineering (ODSC East 2018)
Next Generation Indexes For Big Data Engineering (ODSC East 2018)Daniel Lemire
 
LCS35
LCS35LCS35
LCS35XequeMateShannon
 
Engineering fast indexes
Engineering fast indexesEngineering fast indexes
Engineering fast indexesDaniel Lemire
 
To Swift 2...and Beyond!
To Swift 2...and Beyond!To Swift 2...and Beyond!
To Swift 2...and Beyond!Scott Gardner
 
Clojure for Data Science
Clojure for Data ScienceClojure for Data Science
Clojure for Data Sciencehenrygarner
 
Dynamic C++ ACCU 2013
Dynamic C++ ACCU 2013Dynamic C++ ACCU 2013
Dynamic C++ ACCU 2013aleks-f
 
Coscup2021-rust-toturial
Coscup2021-rust-toturialCoscup2021-rust-toturial
Coscup2021-rust-toturialWayne Tsai
 
MySQL 5.7 NF – JSON Datatype 활용
MySQL 5.7 NF – JSON Datatype 활용MySQL 5.7 NF – JSON Datatype 활용
MySQL 5.7 NF – JSON Datatype 활용I Goo Lee
 
Fast indexes with roaring #gomtl-10
Fast indexes with roaring #gomtl-10 Fast indexes with roaring #gomtl-10
Fast indexes with roaring #gomtl-10 Daniel Lemire
 
Coscup2021 - useful abstractions at rust and it's practical usage
Coscup2021 - useful abstractions at rust and it's practical usageCoscup2021 - useful abstractions at rust and it's practical usage
Coscup2021 - useful abstractions at rust and it's practical usageWayne Tsai
 
Google App Engine Developer - Day3
Google App Engine Developer - Day3Google App Engine Developer - Day3
Google App Engine Developer - Day3Simon Su
 
RealmDB for Android
RealmDB for AndroidRealmDB for Android
RealmDB for AndroidGlobalLogic Ukraine
 
Engineering fast indexes (Deepdive)
Engineering fast indexes (Deepdive)Engineering fast indexes (Deepdive)
Engineering fast indexes (Deepdive)Daniel Lemire
 
Introduction à dart
Introduction à dartIntroduction à dart
Introduction à dartyohanbeschi
 
Nicety of Java 8 Multithreading
Nicety of Java 8 MultithreadingNicety of Java 8 Multithreading
Nicety of Java 8 MultithreadingGlobalLogic Ukraine
 
Lambda expressions in C++
Lambda expressions in C++Lambda expressions in C++
Lambda expressions in C++Dimitrios Platis
 
CppConcurrencyInAction - Chapter07
CppConcurrencyInAction - Chapter07CppConcurrencyInAction - Chapter07
CppConcurrencyInAction - Chapter07DooSeon Choi
 
From Lisp to Clojure/Incanter and RAn Introduction
From Lisp to Clojure/Incanter and RAn IntroductionFrom Lisp to Clojure/Incanter and RAn Introduction
From Lisp to Clojure/Incanter and RAn Introductionelliando dias
 
Coq for ML users
Coq for ML usersCoq for ML users
Coq for ML userstmiya
 
Proofsummit2011a
Proofsummit2011aProofsummit2011a
Proofsummit2011atmiya
 

Weitere ähnliche Inhalte

Was ist angesagt?

Clojure for Data Science
Clojure for Data ScienceClojure for Data Science
Clojure for Data ScienceMike Anderson
 
groovy databases
groovy databasesgroovy databases
groovy databasesPaul King
 
Next Generation Indexes For Big Data Engineering (ODSC East 2018)
Next Generation Indexes For Big Data Engineering (ODSC East 2018)Next Generation Indexes For Big Data Engineering (ODSC East 2018)
Next Generation Indexes For Big Data Engineering (ODSC East 2018)Daniel Lemire
 
Engineering fast indexes
Engineering fast indexesEngineering fast indexes
Engineering fast indexesDaniel Lemire
 
To Swift 2...and Beyond!
To Swift 2...and Beyond!To Swift 2...and Beyond!
To Swift 2...and Beyond!Scott Gardner
 
Clojure for Data Science
Clojure for Data ScienceClojure for Data Science
Clojure for Data Sciencehenrygarner
 
Dynamic C++ ACCU 2013
Dynamic C++ ACCU 2013Dynamic C++ ACCU 2013
Dynamic C++ ACCU 2013aleks-f
 
Coscup2021-rust-toturial
Coscup2021-rust-toturialCoscup2021-rust-toturial
Coscup2021-rust-toturialWayne Tsai
 
MySQL 5.7 NF – JSON Datatype 활용
MySQL 5.7 NF – JSON Datatype 활용MySQL 5.7 NF – JSON Datatype 활용
MySQL 5.7 NF – JSON Datatype 활용I Goo Lee
 
Fast indexes with roaring #gomtl-10
Fast indexes with roaring #gomtl-10 Fast indexes with roaring #gomtl-10
Fast indexes with roaring #gomtl-10 Daniel Lemire
 
Coscup2021 - useful abstractions at rust and it's practical usage
Coscup2021 - useful abstractions at rust and it's practical usageCoscup2021 - useful abstractions at rust and it's practical usage
Coscup2021 - useful abstractions at rust and it's practical usageWayne Tsai
 
Google App Engine Developer - Day3
Google App Engine Developer - Day3Google App Engine Developer - Day3
Google App Engine Developer - Day3Simon Su
 
Engineering fast indexes (Deepdive)
Engineering fast indexes (Deepdive)Engineering fast indexes (Deepdive)
Engineering fast indexes (Deepdive)Daniel Lemire
 
Introduction à dart
Introduction à dartIntroduction à dart
Introduction à dartyohanbeschi
 
CppConcurrencyInAction - Chapter07
CppConcurrencyInAction - Chapter07CppConcurrencyInAction - Chapter07
CppConcurrencyInAction - Chapter07DooSeon Choi
 
From Lisp to Clojure/Incanter and RAn Introduction
From Lisp to Clojure/Incanter and RAn IntroductionFrom Lisp to Clojure/Incanter and RAn Introduction
From Lisp to Clojure/Incanter and RAn Introductionelliando dias
 

Was ist angesagt? (20)

Clojure for Data Science
Clojure for Data ScienceClojure for Data Science
Clojure for Data Science
 
groovy databases
groovy databasesgroovy databases
groovy databases
 
Next Generation Indexes For Big Data Engineering (ODSC East 2018)
Next Generation Indexes For Big Data Engineering (ODSC East 2018)Next Generation Indexes For Big Data Engineering (ODSC East 2018)
Next Generation Indexes For Big Data Engineering (ODSC East 2018)
 
LCS35
LCS35LCS35
LCS35
 
Engineering fast indexes
Engineering fast indexesEngineering fast indexes
Engineering fast indexes
 
To Swift 2...and Beyond!
To Swift 2...and Beyond!To Swift 2...and Beyond!
To Swift 2...and Beyond!
 
Clojure for Data Science
Clojure for Data ScienceClojure for Data Science
Clojure for Data Science
 
Dynamic C++ ACCU 2013
Dynamic C++ ACCU 2013Dynamic C++ ACCU 2013
Dynamic C++ ACCU 2013
 
Coscup2021-rust-toturial
Coscup2021-rust-toturialCoscup2021-rust-toturial
Coscup2021-rust-toturial
 
MySQL 5.7 NF – JSON Datatype 활용
MySQL 5.7 NF – JSON Datatype 활용MySQL 5.7 NF – JSON Datatype 활용
MySQL 5.7 NF – JSON Datatype 활용
 
Fast indexes with roaring #gomtl-10
Fast indexes with roaring #gomtl-10 Fast indexes with roaring #gomtl-10
Fast indexes with roaring #gomtl-10
 
Coscup2021 - useful abstractions at rust and it's practical usage
Coscup2021 - useful abstractions at rust and it's practical usageCoscup2021 - useful abstractions at rust and it's practical usage
Coscup2021 - useful abstractions at rust and it's practical usage
 
Google App Engine Developer - Day3
Google App Engine Developer - Day3Google App Engine Developer - Day3
Google App Engine Developer - Day3
 
RealmDB for Android
RealmDB for AndroidRealmDB for Android
RealmDB for Android
 
Engineering fast indexes (Deepdive)
Engineering fast indexes (Deepdive)Engineering fast indexes (Deepdive)
Engineering fast indexes (Deepdive)
 
Introduction à dart
Introduction à dartIntroduction à dart
Introduction à dart
 
Nicety of Java 8 Multithreading
Nicety of Java 8 MultithreadingNicety of Java 8 Multithreading
Nicety of Java 8 Multithreading
 
Lambda expressions in C++
Lambda expressions in C++Lambda expressions in C++
Lambda expressions in C++
 
CppConcurrencyInAction - Chapter07
CppConcurrencyInAction - Chapter07CppConcurrencyInAction - Chapter07
CppConcurrencyInAction - Chapter07
 
From Lisp to Clojure/Incanter and RAn Introduction
From Lisp to Clojure/Incanter and RAn IntroductionFrom Lisp to Clojure/Incanter and RAn Introduction
From Lisp to Clojure/Incanter and RAn Introduction
 

Mehr von tmiya

Coq for ML users
Coq for ML usersCoq for ML users
Coq for ML userstmiya
 
Proofsummit2011a
Proofsummit2011aProofsummit2011a
Proofsummit2011atmiya
 
Typeclass
TypeclassTypeclass
Typeclasstmiya
 
Coq Tutorial
Coq TutorialCoq Tutorial
Coq Tutorialtmiya
 
RegExp20110305
RegExp20110305RegExp20110305
RegExp20110305tmiya
 
Coq setoid 20110129
Coq setoid 20110129Coq setoid 20110129
Coq setoid 20110129tmiya
 
Coq Party 20101127
Coq Party 20101127Coq Party 20101127
Coq Party 20101127tmiya
 
Maude20100719
Maude20100719Maude20100719
Maude20100719tmiya
 
Formal methods20100529
Formal methods20100529Formal methods20100529
Formal methods20100529tmiya
 
Coq 20100208a
Coq 20100208aCoq 20100208a
Coq 20100208atmiya
 

Mehr von tmiya (10)

Coq for ML users
Coq for ML usersCoq for ML users
Coq for ML users
 
Proofsummit2011a
Proofsummit2011aProofsummit2011a
Proofsummit2011a
 
Typeclass
TypeclassTypeclass
Typeclass
 
Coq Tutorial
Coq TutorialCoq Tutorial
Coq Tutorial
 
RegExp20110305
RegExp20110305RegExp20110305
RegExp20110305
 
Coq setoid 20110129
Coq setoid 20110129Coq setoid 20110129
Coq setoid 20110129
 
Coq Party 20101127
Coq Party 20101127Coq Party 20101127
Coq Party 20101127
 
Maude20100719
Maude20100719Maude20100719
Maude20100719
 
Formal methods20100529
Formal methods20100529Formal methods20100529
Formal methods20100529
 
Coq 20100208a
Coq 20100208aCoq 20100208a
Coq 20100208a
 

Kürzlich hochgeladen

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Kürzlich hochgeladen (20)

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Coq Tutorial at Proof Summit 2011

  • 1. Proof Summit 2011 Coq @tmiya September 25, 2011 @tmiya : Coq , 1
  • 2. 0. Coq Coq Coq Coq • • Coq • • @tmiya : Coq , 2
  • 3. 1. Coq Lightweight • ( ) • • • • • • ( ) • • • or @tmiya : Coq , 3
  • 4. 1. Coq Coq INRIA OCaml CIC = Calculus of Inductive Construction tactic tactic Coq Coq OCaml, Haskell, Scheme @tmiya : Coq , 4
  • 5. 2. Coq Coq Coqtop, CoqIDE CUI Coqtop / : % coqtop Welcome to Coq 8.3pl1 (December 2010) Coq < Eval compute in (2+3). = 5 : nat Coq < Quit. % Coq CoqIDE coqide @tmiya : Coq , 5
  • 6. 2. Coq Proof General : emacs Proof General ~/.emacs (load-file "***/ProofGeneral/generic/proof-site.el") proof-site.el Coq (*.v) Proof General @tmiya : Coq , 6
  • 7. 3. Coq Coq < Definition x := 1. (* x *) x is defined (* := *) Coq < Check x. (* x *) x : nat (* nat = *) Coq < Print x. (* x *) x = 1 : nat Coq < Definition x := 2. (* x *) Error: x already exists (* --> *) Reset x. Module ( ) @tmiya : Coq , 7
  • 8. 3. Coq 1 2 Coq < Definition f x y := x - y. (* f *) f is defined Coq < Check f. f : nat -> nat -> nat (* nat->(nat->nat) *) Coq < Definition f’ := f 3. (* f’ y = f 3 y *) f’ is defined Coq < Check f’. f’ : nat -> nat (* nat nat *) Coq < Eval compute in (f’ 1). (* f’ 1 = f 3 1 = 2 *) = 2 : nat ( @tmiya : Coq , 8
  • 9. 3. Coq Coq < Check (fun x => 2 * x). (* *) fun x : nat => 2 * x : nat -> nat Coq < Eval compute in ((fun x => 2 * x) 3). = 6 : nat Coq < Definition double := (fun x => 2 * x). double is defined (* double *) Coq . @tmiya : Coq , 9
  • 10. 3. Coq Coq < Definition twice(f:nat->nat):nat->nat := Coq < fun x => f (f x). twice is defined Coq < Definition add5(x:nat) := x + 5. add5 is defined Coq < Definition twice_add5 := twice add5. twice_add5 is defined Coq < Eval compute in (twice_add5 2). = 12 : nat @tmiya : Coq , 10
  • 11. 3.1. int, float Coq nat ( ) Weekday Coq < Inductive Weekday : Set := Coq < Sun | Mon | Tue | Wed | Thr | Fri | Sat. Coq < Check Sun. Sun (* Sun *) : Weekday (* Weekday *) Coq < Check Weekday. Weekday (* *) : Set (* Set *) Set @tmiya : Coq , 11
  • 12. 3.1. ( ) Coq < Definition nextday d := Coq < match d with Coq < | Sun => Mon : (* *) Coq < | Sat => Sun Coq < end. nextday is defined Coq < Check nextday. nextday (* *) : Weekday -> Weekday Coq < Eval compute in (nextday Mon). (* *) prevday @tmiya : Coq , 12
  • 13. 3.1. Bool Coq < Inductive Bool : Set := Coq < | tru : Bool Coq < | fls : Bool. Coq < Definition And(b1 b2:Bool):Bool := Coq < match b1,b2 with Coq < | tru,tru => tru Coq < | _,_ => fls Coq < end. Or, Not Eval @tmiya : Coq , 13
  • 14. 3.1. bool ( ) bool Coq < Print bool. Coq < Print andb. Coq < Print orb. Coq < Print negb. bool Coq < Print unit. @tmiya : Coq , 14
  • 15. 3.1. De Morgan (1) Coq < Theorem De_Morgan_1 : forall b1 b2, Coq < Not (And b1 b2) = Or (Not b1) (Not b2). 1 subgoal ============================ forall b1 b2 : Bool, Not (And b1 b2) = Or (Not b1) (Not b2) De_Morgan_1 < intros. 1 subgoal (* b1 b2 *) b1 : Bool b2 : Bool ============================ Not (And b1 b2) = Or (Not b1) (Not b2) @tmiya : Coq , 15
  • 16. 3.1. De Morgan (2) De_Morgan_1 < destruct b1; destruct b2. 4 subgoals (* b1 b2 *) ============================ Not (And tru tru) = Or (Not tru) (Not tru) subgoal 2 is: Not (And tru fls) = Or (Not tru) (Not fls) subgoal 3 is: Not (And fls tru) = Or (Not fls) (Not tru) subgoal 4 is: Not (And fls fls) = Or (Not fls) (Not fls) @tmiya : Coq , 16
  • 17. 3.1. De Morgan (3) De_Morgan_1 < simpl. 4 subgoals (* *) ============================ fls = fls (* *) De_Morgan_1 < reflexivity. 3 subgoals (* = *) ============================ Not (And tru fls) = Or (Not tru) (Not fls) subgoal 2 is: Not (And fls tru) = Or (Not fls) (Not tru) subgoal 3 is: Not (And fls fls) = Or (Not fls) (Not fls) @tmiya : Coq , 17
  • 18. 3.1. De Morgan (4) De_Morgan_1 < simpl; reflexivity. De_Morgan_1 < simpl; reflexivity. De_Morgan_1 < simpl; reflexivity. Proof completed. De_Morgan_1 < Qed. intros. destruct b1; destruct b2. simpl in |- *. reflexivity. simpl in |- *; reflexivity. simpl in |- *; reflexivity. simpl in |- *; reflexivity. De_Morgan_1 is defined Not (Or b1 b2) = And (Not b1) (Not b2) @tmiya : Coq , 18
  • 19. 3.1. 1. Yes, Maybe, No Bool3 2. Bool3 And3, Or3, Not3 3. ( ) De Morgan @tmiya : Coq , 19
  • 20. 3.2. nat nat ( ) Coq < Print nat. Inductive nat : Set := O : nat | S : nat -> nat O( O) 0 S nat nat Peano Coq < Eval compute in (S (S (S O))). = 3 : nat S (S (S O)) Coq 3 @tmiya : Coq , 20
  • 21. 3.2. nat n Coq < Fixpoint add(n m:nat):nat := Coq < match n with Coq < | O => m Coq < | S n’ => S (add n’ m) Coq < end. add is recursively defined (decreasing on 1st argument) Fixpoint ( O) 0 S nat 1 nat Peano Coq < Eval compute in (add (S (S O)) (S O)). = 3 : nat (call-by-value) @tmiya : Coq , 21
  • 22. 3.2. nat _,_ OK Coq < Fixpoint eq_nat(n m:nat):bool := Coq < match n,m with Coq < | O,O => true Coq < | S n’, S m’ => eq_nat n’ m’ Coq < | _,_ => false Coq < end. Coq < Eval compute in (eq_nat 3 3). le_nat le_nat n m n≤m Coq ( ) @tmiya : Coq , 22
  • 23. 3.2. Coq ( ) n ({struct n} Coq ) Coq < Fixpoint add’(n m:nat){struct n} := Coq < match n with Coq < | O => m Coq < | S n’ => S (add’ n’ m) Coq < end. add’ is recursively defined (decreasing on 1st argument) add’ 2 3 add’ add’ (S (S O)) 3 = S (add’ (S O) 3) = S (S (add’ O 3)) = S (S 3) = 5. @tmiya : Coq , 23
  • 24. 3.2. ( ) Coq ( )( ) Coq ( Coq ) Coq ( ) (Coq ) Coq @tmiya : Coq , 24
  • 25. 3.2. 1. mul add 2. mul fact 3. sub n=0 sub 0 m = 0 4. div3 Eval Fixpoint div3(n:nat) := match n with | S (S (S n’)) => S (div3 n’) | _ => O end. sub div n m Coq ( ) @tmiya : Coq , 25
  • 26. 3.3. cond c vt vf c:bool true vt false vf vt, vf Set A Coq < Definition cond{A:Set}(c:bool)(vt vf:A) := Coq < match c with Coq < | true => vt Coq < | false => vf Coq < end. Coq < Eval compute in (cond true 2 3). = 2 : nat Coq < Eval compute in (cond false false true). = true : bool {A:Set} cond A ( ) Coq < Eval compute in (@cond nat false 2 3). @tmiya : Coq , 26
  • 27. 3.3. option ( ) null option (Haskell Maybe ) ( Coq sumor ) Coq < Print option. Inductive option (A : Type) : Type := Some : A -> option A | None : option A Definition option_map {A B:Type} (f:A->B)(o:option A) := match o with | Some a => Some (f a) | None => None end. Coq < Eval compute in (option_map (fun x => x + 1) (Some 1)). @tmiya : Coq , 27
  • 28. 3.3. prod sum prod A B A B prod A B A * B ( x , y , .. , z ) (pair .. (pair x y) .. z) Coq < Check (2,true,3). (2, true, 3) : nat * bool * nat prod fst, snd sum A B A B Coq < Definition test_sum (s:sum nat bool) := Coq < match s with Coq < | inl n => n Coq < | inr true => 1 Coq < | inr false => 0 Coq < end. prod, sum Curry-Howard @tmiya : Coq , 28
  • 29. 3.3. List List List :: cons Type Set (Check Set. ) Coq < Require Import List. Coq < Print list. Inductive list (A : Type) : Type := nil : list A | cons : A -> list A -> list A Coq < Check (1::2::nil). 1 :: 2 :: nil : list nat @tmiya : Coq , 29
  • 30. 3.3. List List List nil x::xs Coq < Fixpoint append{A:Type}(xs ys:list A):= Coq < match xs with Coq < | nil => ys Coq < | x::xs’ => x::(append xs’ ys) Coq < end. Coq < Eval compute in (append (1::2::nil) (3::4::nil)). Coq < Fixpoint olast{A:Type}(xs:list A):option A := Coq < match xs with Coq < | nil => None Coq < | a::nil => Some a Coq < | _::xs’ => olast xs’ Coq < end. Coq < Eval compute in (olast (1::2::3::nil)). @tmiya : Coq , 30
  • 31. 3.3. List 1. len{A:Type}(xs:list A):nat Eval compute in (len (1::2::3::nil)). 2. list bool true true all_true(xs:list bool):bool nil true 3. x Some x None ohead{A:Type}(xs:list A):option A 4. s, n s :: s+1 :: ... :: (s+n-1) :: nil nat_list(s n:nat):list nat 5. reverse{A:Type}(xs:list A):list A append @tmiya : Coq , 31
  • 32. 4. Bool De Morgan P Q ¬(P ∧ Q) ¬P ∨ ¬Q F F T T F T T T T F T T T T F F Bool, nat Inductive (nat O S n ) Coq Prop ( ) @tmiya : Coq , 32
  • 33. 4. P P ¬P ( ) ab a, b √ √ √ 2 1. a = b = 2 a, b ab = 2 √ √2 √ 2. ab √ a = √2 , b = 2 √ a, b √ 2 √2 √ 2 2 √ 2 ab = ( 2 ) = 2 = 2 =2 √ √ 2 2 (P) (~P) ab a, b ab a, b @tmiya : Coq , 33
  • 34. 4. ( ) Modus Ponens A A B B (Γ = ( ) ) Γ A Γ A → B (→ ) Γ B ( )→ Coq B Hab : A → B apply Hab. tactic A Ha : A exact Ha. @tmiya : Coq , 34
  • 35. 4. Coq tactic tactic assumption. exact H. trivial. ... H : A ... ------------------------ A exact . A∈Γ ( ) Γ A @tmiya : Coq , 35
  • 36. 4.1. → → A → B (CUI A -> B ) A intro Ha. tactic Ha : A B Coq ... Γ, A B (→ ) Γ A→B H1 → H2 → · · · → Hn → B intros H1 H2 ... Hn. intro intro. intros. Coq → Modus Ponens tactic apply . @tmiya : Coq , 36
  • 37. 4.1. → → (1) tactic Set P Prop P P P p : P ( Set, Prop Type ) Section imp_sample. Variables P Q R : Prop. Theorem imp_sample : (P -> (Q -> R)) -> (P -> Q) -> P -> R. 1 subgoal ============================ (P -> Q -> R) -> (P -> Q) -> P -> R === tactic → intro(s) @tmiya : Coq , 37
  • 38. 4.1. → → (2) → intros tactic intro(s) imp_sample < intros pqr pq p. 1 subgoal pqr : P -> Q -> R pq : P -> Q p : P ============================ R R pqr apply pqr. @tmiya : Coq , 38
  • 39. 4.1. → → (3) R apply pqr. pqr P -> Q -> P Q imp_sample < apply pqr. 2 subgoals pqr : P -> Q -> R pq : P -> Q p : P ============================ P subgoal 2 is: Q P assumption. @tmiya : Coq , 39
  • 40. 4.1. → → (4) P assumption. Q imp_sample < assumption. 1 subgoal pqr : P -> Q -> R pq : P -> Q p : P ============================ Q Q @tmiya : Coq , 40
  • 41. 4.1. → → (5) imp_sample < apply pq. 1 subgoal pqr : P -> Q -> R pq : P -> Q p : P ============================ P imp_sample < assumption. Proof completed. imp_sample < Qed. Qed. @tmiya : Coq , 41
  • 42. 4.2. ∧ ∧ (1) P ∧Q P Q pq : P / Q destruct pq as [p q]. tactic p : P q : Q destruct pq. p,q Coq P ∧Q P Q P ∧Q split. tactic P / Q P, Q Coq < Variable P Q R:Prop. Coq < Theorem and_assoc : (P/Q)/R -> P/(Q/R). 1 subgoal ============================ (P / Q) / R -> P / Q / R @tmiya : Coq , 42
  • 43. 4.2. ∧ ∧ (2) intro → ∧ and_assoc < intro pqr. 1 subgoal pqr : (P / Q) / R ============================ P / Q / R and_assoc < destruct pqr as [[p q] r]. 1 subgoal p : P q : Q r : R ============================ P / Q / R @tmiya : Coq , 43
  • 44. 4.2. ∧ ∧ (3) assumption ; tactic split assumption and_assoc < split. 2 subgoals ============================ P subgoal 2 is: Q / R and_assoc < assumption. 1 subgoal ============================ Q / R and_assoc < split; assumption. Proof completed. and_assoc < Qed. @tmiya : Coq , 44
  • 45. 4.3. ∨ ∨ (1) P ∨Q P Q pq : P / Q destruct pq as [pq].— tactic p : P q : Q destruct pq. p,q Coq P ∨Q P Q P ∨Q left. right. tactic P Q Coq < Variable P Q R:Prop. Coq < Theorem or_assoc : (P/Q)/R -> P/(Q/R). 1 subgoal ============================ (P / Q) / R -> P / Q / R @tmiya : Coq , 45
  • 46. 4.3. ∨ ∨ (2) intro → ∨ and_assoc < intro pqr. or_assoc < destruct pqr as [[p|q]|r]. 3 subgoals p : P ============================ P / Q / R subgoal 2 is: P / Q / R subgoal 3 is: P / Q / R @tmiya : Coq , 46
  • 47. 4.3. ∨ ∨ (3) assumption or_assoc < left. 3 subgoals p : P ============================ P or_assoc < assumption. 2 subgoals q : Q ============================ P / Q / R or_assoc < right; left. 2 subgoals q : Q ============================ Q OK @tmiya : Coq , 47
  • 48. 4.4. ¬ ¬ (1) ¬P P → False False Inductive False : Prop := ~P intro p. p : P False H : False elim H. np : ~P elim np. P (¬¬P P ) ( ) @tmiya : Coq , 48
  • 49. 4.4. ¬ ¬ (2) Coq < Theorem neg_sample : ~(P / ~P). 1 subgoal ============================ ~ (P / ~ P) neg_sample < intro. 1 subgoal H : P / ~ P ============================ False @tmiya : Coq , 49
  • 50. 4.4. ¬ ¬ (3) neg_sample < destruct H as [p np]. 1 subgoal p : P np : ~ P ============================ False neg_sample < elim np. p : P np : ~ P ============================ P neg_sample < assumption. Proof completed. @tmiya : Coq , 50
  • 51. 4.4. ¬ Variable A B C D:Prop. Theorem ex4_1 : (A -> C) / (B -> D) / A / B -> C / D. Theorem ex4_2 : ~~~A -> ~A. Theorem ex4_3 : (A -> B) -> ~B -> ~A. Theorem ex4_4 : ((((A -> B) -> A) -> A) -> B) -> B. Theorem ex4_5 : ~~(A/~A). @tmiya : Coq , 51
  • 52. 5. Curry-Howard Curry-Howard (1) Theorem imp_sample’ : (P -> (Q -> R)) -> (P -> Q) -> P -> R. imp_sample’ < intros pqr pq p. imp_sample’ < Check pq. pq : P -> Q imp_sample’ < Check (pq p). pq p : Q pq P -> Q P Q pq p Q @tmiya : Coq , 52
  • 53. 5. Curry-Howard Curry-Howard (2) pqr, pq, p R exact tactic imp_sample’ < Check (pqr p (pq p)). pqr p (pq p) : R imp_sample’ < exact (pqr p (pq p)). Proof completed. imp_sample Print Coq < Print imp_sample. imp_sample = fun (pqr : P -> Q -> R) (pq : P -> Q) (p : P) => pqr p (pq p) : (P -> Q -> R) -> (P -> Q) -> P -> R @tmiya : Coq , 53
  • 54. 5. Curry-Howard Curry-Howard (3) P P P→Q P -> Q Γ P ΓP→Q (→ ) pq p Γ Q Γ, P Q (→ ) pq (p:P):Q Γ P→Q P ∧Q prod { (P,Q) inl P P ∨Q sum inr Q Curry-Howard Curry-Howard = Coq @tmiya : Coq , 54
  • 55. 5. Curry-Howard Curry-Howard (4) Coq ( ) Java (P → Q → R) → (P → Q) → P → R interface Fun<A,B> { public B apply(A a); } public class P {} public class Q {} public class R {} public class Proof { public R imp_sample(Fun<P,Fun<Q,R>> pqr, Fun<P,Q> pq, P p) { return pqr.apply(p).apply(pq.apply(p)); } } (Java prod sum ¬ Java ) @tmiya : Coq , 55
  • 56. 6. a:A P a (∀a : A, P a) : forall (a:A), P a a:A P a (∃a : A, P a) : exists (a:A), P a Coq P a:A P a:Prop A -> Prop Coq a:A P : A → Prop Coq < Definition iszero(n:nat):Prop := Coq < match n with Coq < | O => True Coq < | _ => False Coq < end. iszero is defined @tmiya : Coq , 56
  • 57. 6. ∀ (1) forall intro(s) forall x:X x:X -> Coq < Theorem sample_forall : forall (X:Type)(P Q:X->Prop)(x:X), P x -> (forall y:X, Q y) -> (P x / Q x). ============================ forall (X : Type) (P Q : X -> Prop) (x : X), P x -> (forall y : X, Q y) -> P x / Q x sample_forall < intros X P Q x px Hqy. X : Type P : X -> Prop Q : X -> Prop x : X px : P x Hqy : forall y : X, Q y ============================ P x / Q x @tmiya : Coq , 57
  • 58. 6. ∀ (2) forall y:X y X sample_forall < split. (* P x Q x *) sample_forall < assumption. (* P x px *) 1 subgoal X : Type P : X -> Prop Q : X -> Prop x : X px : P x Hqy : forall y : X, Q y ============================ Q x sample_forall < apply (Hqy x). (* Hqy y x *) Proof completed. @tmiya : Coq , 58
  • 59. 6.2. ∃ ∃ (1) Coq < Theorem sample_exists : forall (P Q:nat->Prop), Coq < (forall n, P n) -> (exists n, Q n) -> Coq < (exists n, P n / Q n). sample_exists < intros P Q Hpn Hqn. 1 subgoal P : nat -> Prop Q : nat -> Prop Hpn : forall n : nat, P n Hqn : exists n : nat, Q n ============================ exists n : nat, P n / Q n @tmiya : Coq , 59
  • 60. 6.2. ∃ ∃ (2) exists destruct sample_exists < intros P Q Hpn Hqn. P : nat -> Prop Q : nat -> Prop Hpn : forall n : nat, P n Hqn : exists n : nat, Q n ============================ exists n : nat, P n / Q n sample_exists < destruct Hqn as [n’ qn’]. P : nat -> Prop Q : nat -> Prop Hpn : forall n : nat, P n n’ : nat qn’ : Q n’ ============================ exists n : nat, P n / Q n @tmiya : Coq , 60
  • 61. 6.2. ∃ ∃ (3) exists x:X x:X exists x. sample_exists < destruct Hqn as [n’ qn’]. : Hpn : forall n : nat, P n n’ : nat qn’ : Q n’ ============================ exists n : nat, P n / Q n sample_exists < exists n’. : Hpn : forall n : nat, P n n’ : nat qn’ : Q n’ ============================ P n’ / Q n’ (* *) @tmiya : Coq , 61
  • 62. 6.2. ∃ Theorem ex5_1 : forall (A:Set)(P:A->Prop), (~ exists a, P a) -> (forall a, ~P a). Theorem ex5_2 : forall (A:Set)(P Q:A->Prop), (exists a, P a / Q a) -> (exists a, P a) / (exists a, Q a). Theorem ex5_3 : forall (A:Set)(P Q:A->Prop), (exists a, P a) / (exists a, Q a) -> (exists a, P a / Q a). Theorem ex5_4 : forall (A:Set)(R:A->A->Prop), (exists x, forall y, R x y) -> (forall y, exists x, R x y). Theorem ex5_5 : forall (A:Set)(R:A->A->Prop), (forall x y, R x y -> R y x) -> (forall x y z, R x y -> R y z -> R x z) -> (forall x, exists y, R x y) -> (forall x, R x x). @tmiya : Coq , 62
  • 63. 6.3. = = (1) eq (= ) Inductive eq (A : Type) (x : A) : A -> Prop := refl_equal : x = x Coq (nat bool ) (nat O Sn ) (S m Sn m=n ) ============================ n = n apply (refl_equal n). tactic reflexivity. @tmiya : Coq , 63
  • 64. 6.3. = = (2) plus Print plus. tactic simpl. Coq < Theorem plus_0_l : forall n, 0 + n = n. plus_0_l < intro n. n : nat ============================ 0 + n = n plus_0_l < simpl. n : nat ============================ n = n plus_0_l < reflexivity. Proof completed. @tmiya : Coq , 64
  • 65. 6.4. (1) ∀n : nat, n + 0 = n simpl. ============================ n + 0 = n plus_0_r < simpl. ============================ n + 0 = n plus n m n n 1. n = 0 n+0=n 2. n = n n+0=n n=Sn n+0=n @tmiya : Coq , 65
  • 66. 6.4. (2) n induction n as [|n’]. induction n. tactic Coq nat_ind (P ) Coq < Check nat_ind. nat_ind : forall P : nat -> Prop, P 0 -> (forall n : nat, P n -> P (S n)) -> forall n : nat, P n nat_ind nat O : nat S : nat -> nat Inductive bool bool_ind bool_ind : forall P : bool -> Prop, P true -> P false -> forall b : bool, P b @tmiya : Coq , 66
  • 67. 6.4. (3) induction n as [|n’]. n 0 S n’ reflexivity. OK (simpl. ) Coq < Theorem plus_0_r : forall n:nat, n + 0 = n. plus_0_r < induction n as [|n’]. 2 subgoals ============================ 0 + 0 = 0 subgoal 2 is: S n’ + 0 = S n’ plus_0_r < reflexivity. 1 subgoal n’ : nat IHn’ : n’ + 0 = n’ ============================ S n’ + 0 = S n’ @tmiya : Coq , 67
  • 68. 6.4. (4) n = S n’ n = n’ IHn’ S n’ + 0 = S n’ simpl. plus S (n’ + 0)= S n’ IHn’ n’ + 0 n’ rewrite IHn’. rewrite ============================ S n’ + 0 = S n’ plus_0_r < simpl. IHn’ : n’ + 0 = n’ ============================ S (n’ + 0) = S n’ plus_0_r < rewrite IHn’. IHn’ : n’ + 0 = n’ ============================ S n’ = S n’ @tmiya : Coq , 68
  • 69. 6.4. :m + n = n + m SearchAbout Coq < SearchAbout plus. plus_n_O: forall n : nat, n = n + 0 plus_O_n: forall n : nat, 0 + n = n plus_n_Sm: forall n m : nat, S (n + m) = n + S m plus_Sn_m: forall n m : nat, S n + m = S (n + m) mult_n_Sm: forall n m : nat, n * m + n = n * S m rewrite ( rewrite <- plus_n_Sm n’ m. rewrite H. H rewrite <- H. ) Theorem plus_comm : forall m n:nat, m + n = n + m. @tmiya : Coq , 69
  • 70. 6.4. (5) nat list A Theorem length_app : forall (A:Type)(l1 l2:list A), length (l1 ++ l2) = length l1 + length l2. list cons induction l1 as [|a l1’]. ( induction l1.) induction ( l2) intro 1. intros A l1 l2. induction l1 as [|a l1’]. 2. intros A l1. induction l1 as [|a l1’]. intro l2. IHl1’ (Coqtop Undo. ) @tmiya : Coq , 70
  • 71. 6.4. : (1) List append reverse Require Import List. Fixpoint append{A:Type}(l1 l2:list A):= match l1 with | nil => l2 | a::l1’ => a::(append l1’ l2) end. Fixpoint reverse{A:Type}(l:list A):= match l with | nil => nil | a::l’ => append (reverse l’) (a::nil) end. Theorem reverse_reverse : forall (A:Type)(l:list A), reverse (reverse l) = l. @tmiya : Coq , 71
  • 72. 6.4. : (2) reverse_reverse Lemma append_nil : forall (A:Type)(l:list A), append l nil = l. Lemma append_assoc : forall (A:Type)(l1 l2 l3:list A), append (append l1 l2) l3 = append l1 (append l2 l3). Lemma reverse_append : forall (A:Type)(l1 l2:list A), reverse (append l1 l2) = append (reverse l2) (reverse l1). @tmiya : Coq , 72
  • 73. 7. (1) Coq nat minus(n m:nat) n≤m 0 n−m+m =n ( ) sub Definition sub(m n:nat)(H:le n m) : {x:nat|x+n=m}. 1. H n≤m n≤m 2. x = m−n x +n = m ( exists x:nat, x+n=m. ) @tmiya : Coq , 73
  • 74. 7. (2) Coq exists nat Arith Require Import Arith. (* Arith *) Definition sub(m n:nat)(H:le n m) : {x:nat|x+n=m}. m : nat n : nat H : n <= m ============================ {x : nat | x + n = m} m, n intro generalize dependent sub < generalize dependent m. sub < generalize dependent n. ============================ forall n m : nat, n <= m -> {x : nat | x + n = m} @tmiya : Coq , 74
  • 75. 7. (3) eapply, erewrite apply, rewrite Qed. Defined. m n H induction n as [|n’]. (* n=0. m - n = m - 0 = m. exists m *) intros m H. exists m. eapply plus_0_r. (* n=S n’ *) induction m as [|m’]; intro H. (* m=0. m - n = 0 - (S n’) < 0 *) assert(H’: ~(S n’ <= 0)). eapply le_Sn_0. elim H’. assumption. (* m=S m’. S m’- S n’ = m’ - n’. IHn’ *) assert(H’: n’ <= m’). eapply le_S_n. assumption. assert(IH: {x:nat|x+n’=m’}). eapply IHn’. assumption. destruct IH as [x IH]. exists x. erewrite <- plus_n_Sm. rewrite IH. reflexivity. Defined. @tmiya : Coq , 75
  • 76. 7. (4) sub Print sub. sub OCaml minus Coq < Extraction sub. (** val sub : nat -> nat -> nat **) let rec sub m = function | O -> m | S n0 -> (match m with | O -> assert false (* absurd case *) | S n1 -> let iH = sub n1 n0 in Obj.magic iH) OCaml H @tmiya : Coq , 76
  • 77. 7. (5) H Theorem le_2_5 : le 2 5. Proof. repeat eapply le_n_S. repeat constructor. Qed. Eval compute in (sub 5 2 le_2_5). (* *) Eval compute in (proj1_sig (sub 5 2 le_2_5)). (* = 3:nat *) {x|x+n=m} x proj1_sig @tmiya : Coq , 77
  • 78. 7. minus sub minus Definition sub’(m n:nat)(H:le n m) : {x:nat|x+n=m}. Proof. (* minus *) Defined. Coq 1. minus minus 2. minus sub’ 3. refine tactic (refine ) 4. sub @tmiya : Coq , 78
  • 79. 8. Coq tactic (auto, ring, omega ) (Arith, List, String ) Haskell, OCaml (inversion, refine ) tactic Module @tmiya : Coq , 79
  • 80. 8. Interactive Theorem Proving and Program Development. Coq’Art: The Calculus of Inductive Constructions, Yves Berrot and Pierre Casteran (Springer-Verlag) : Coq Certified Programming with Dependent Types, Adam Chlipala (http://adam.chlipala.net/cpdt/) : Coq 2010 III (http://www.math.nagoya-u.ac.jp/~garrigue/lecture/ 2010_AW/index.html) : Garrigue PDF Coq in a Hurry, Yves Bertot (http://cel.archives-ouvertes.fr/docs/00/47/ 58/07/PDF/coq-hurry.pdf) : 2nd Asian-Pacific Summer School on Formal Methods (http://formes.asia/cms/coqschool/2010) : @tmiya : Coq , 80
  • 81. 8. Coq ProofCafe Coq CPDT Coq IT Coq Ruby, Clojure, Scala, Javascript Coq Coq http://coq.g.hatena.ne.jp/keyword/ProofCafe @tmiya : Coq , 81
  • 82. 8. Formal Methods Forum Coq ( ) ( ) Google group Coq 2010 Certified Programming with Dependent Types Coq Google group (http://groups.google.co.jp/group/fm-forum) Coq @tmiya : Coq , 82