(** * IndProp: Inductively Defined Propositions *) Set Warnings "-notation-overridden,-parsing,-deprecated-hint-without-locality". From LF Require Export Logic. (* ################################################################# *) (** * Inductively Defined Propositions *) (* ================================================================= *) (** ** Example: The Collatz Conjecture *) Fixpoint div2 (n : nat) := match n with 0 => 0 | 1 => 0 | S (S n) => S (div2 n) end. Definition f (n : nat) := if even n then div2 n else (3 * n) + 1. (** [12, 6, 3, 10, 5, 16, 8, 4, 2, 1]. [19, 58, 29, 88, 44, 22, 11, 34, 17, 52, 26, 13, 40, 20, 10, 5, 16, 8, 4, 2, 1]. *) Fail Fixpoint reaches_1_in (n : nat) : nat := if n =? 1 then 0 else 1 + reaches_1_in (f n). Inductive Collatz_holds_for : nat -> Prop := | Chf_done : Collatz_holds_for 1 | Chf_more (n : nat) : Collatz_holds_for (f n) -> Collatz_holds_for n. (** --------- Collatz 1 Collatz (f n) ------------- Collatz n *) Example Collatz_holds_for_12 : Collatz_holds_for 12. Proof. apply Chf_more. unfold f. simpl. apply Chf_more. unfold f. simpl. apply Chf_more. unfold f. simpl. apply Chf_more. unfold f. simpl. apply Chf_more. unfold f. simpl. apply Chf_more. unfold f. simpl. apply Chf_more. unfold f. simpl. apply Chf_more. unfold f. simpl. apply Chf_more. unfold f. simpl. apply Chf_done. Qed. Conjecture collatz : forall n, Collatz_holds_for n. (* ================================================================= *) (** ** Example: Ordering *) Module LePlayground. Inductive le : nat -> nat -> Prop := | le_n (n : nat) : le n n | le_S (n m : nat) : le n m -> le n (S m). Notation "n <= m" := (le n m) (at level 70). Example le_3_5 : 3 <= 5. Proof. apply le_S. apply le_S. apply le_n. Qed. End LePlayground. (* ================================================================= *) (** ** Example: Transitive Closure *) Inductive clos_trans {X: Type} (R: X->X->Prop) : X->X->Prop := | t_step (x y : X) : R x y -> clos_trans R x y | t_trans (x y z : X) : clos_trans R x y -> clos_trans R y z -> clos_trans R x z. Inductive Person : Type := Sage | Cleo | Ridley | Moss. Inductive parent_of : Person -> Person -> Prop := po_SC : parent_of Sage Cleo | po_SR : parent_of Sage Ridley | po_CM : parent_of Cleo Moss. Definition ancestor_of : Person -> Person -> Prop := clos_trans parent_of. Example ancestor_of1 : ancestor_of Sage Moss. Proof. unfold ancestor_of. apply t_trans with Cleo. - apply t_step. apply po_SC. - apply t_step. apply po_CM. Qed. (** **** Exercise: How would you modify this definition so that it defines _reflexive and_ transitive closure? How about reflexive, symmetric, and transitive closure? *) (* ================================================================= *) (** ** Example: Permutations *) Inductive Perm3 {X : Type} : list X -> list X -> Prop := | perm3_swap12 (a b c : X) : Perm3 [a;b;c] [b;a;c] | perm3_swap23 (a b c : X) : Perm3 [a;b;c] [a;c;b] | perm3_trans (l1 l2 l3 : list X) : Perm3 l1 l2 -> Perm3 l2 l3 -> Perm3 l1 l3. (** **** Exercise: According to this definition, is [[1;2;3]] a permutation of [[3;2;1]]? Is [[1;2;3]] a permutation of itself? *) Example Perm3_example1 : Perm3 [1;2;3] [2;3;1]. Proof. apply perm3_trans with [2;1;3]. - apply perm3_swap12. - apply perm3_swap23. Qed. (* ================================================================= *) (** ** Example: Evenness (yet again) *) (** (1) [even n = true], or (2) [exists k, n = double k]. (3) Inductive predicate: - The number [0] is even. - If [n] is even, then [S (S n)] is even. ----------- ev 0 ev n -------------- ev (S (S n)) *) Inductive ev : nat -> Prop := | ev_0 : ev 0 | ev_SS (n : nat) (H : ev n) : ev (S (S n)). (** Note that the [n] may vary in the output type: *) Fail Inductive wrong_ev (n : nat) : Prop := | wrong_ev_0 : wrong_ev 0 | wrong_ev_SS (H: wrong_ev n) : wrong_ev (S (S n)). (* ===> Error: Last occurrence of "[wrong_ev]" must have "[n]" as 1st argument in "[wrong_ev 0]". *) Theorem ev_4 : ev 4. Proof. apply ev_SS. apply ev_SS. apply ev_0. Qed. Theorem ev_4' : ev 4. Proof. apply (ev_SS 2 (ev_SS 0 ev_0)). Qed. Theorem ev_plus4 : forall n, ev n -> ev (4 + n). Proof. intros n. simpl. intros Hn. apply ev_SS. apply ev_SS. apply Hn. Qed. (** **** Exercise: *) Theorem ev_double : forall n, ev (double n). Proof. (* FILL IN HERE *) Admitted. (** [] *) (* ################################################################# *) (** * Using Evidence in Proofs *) (** If someone gives us evidence [E] for the assertion [ev n], then we know that [E] must be one of two things: - [E] is [ev_0] (and [n] is [O]), or - [E] is [ev_SS n' E'] (and [n] is [S (S n')], where [E'] is evidence for [ev n']). *) (* ================================================================= *) (** ** Inversion on Evidence *) Theorem ev_inversion : forall (n : nat), ev n -> (n = 0) \/ (exists n', n = S (S n') /\ ev n'). Proof. intros n E. destruct E as [ | n' E'] eqn:EE. - (* E = ev_0 : ev 0 *) left. reflexivity. - (* E = ev_SS n' E' : ev (S (S n')) *) right. exists n'. split. reflexivity. apply E'. Qed. Theorem evSS_ev : forall n, ev (S (S n)) -> ev n. Proof. intros n H. apply ev_inversion in H. destruct H as [H0|H1]. - discriminate H0. - destruct H1 as [n' [Hnm Hev]]. injection Hnm as Heq. rewrite Heq. apply Hev. Qed. Theorem evSS_ev' : forall n, ev (S (S n)) -> ev n. Proof. intros n E. inversion E as [| n' E' Heq]. (* We are in the [E = ev_SS n' E'] case now. *) apply E'. Qed. (** The [inversion] tactic can apply the principle of explosion to "obviously contradictory" hypotheses involving inductively defined properties, something that takes a bit more work using our inversion lemma. Compare: *) Theorem one_not_even : ~ ev 1. Proof. intros H. apply ev_inversion in H. destruct H as [ | [m [Hm _]]]. - discriminate H. - discriminate Hm. Qed. Theorem one_not_even' : ~ ev 1. Proof. intros H. inversion H. Qed. (** **** Exercise: Prove the following result using [inversion]. (For extra practice, you can also prove it using the inversion lemma.) *) Theorem SSSSev__even : forall n, ev (S (S (S (S n)))) -> ev n. Proof. (* FILL IN HERE *) Admitted. (** [] *) (** **** Exercise: Prove the following result using [inversion]. *) Theorem ev5_nonsense : ev 5 -> 2 + 2 = 9. Proof. (* FILL IN HERE *) Admitted. (** [] *) (** Connecting [ev] to [even] and [Even] *) Lemma ev_Even_zerothtry : forall n, ev n -> Even n. Proof. induction n as [|n' IHn']. - intros. exists 0. reflexivity. - intro H. Abort. Lemma ev_Even_firsttry : forall n, ev n -> Even n. Proof. unfold Even. intros n E. inversion E as [EQ' | n' E' EQ']. - (* E = ev_0 *) exists 0. reflexivity. - (* E = ev_SS n' E' *) assert (H: (exists k', n' = double k') -> (exists n0, S (S n') = double n0)). { intros [k' EQ'']. exists (S k'). simpl. rewrite <- EQ''. reflexivity. } apply H. (** Unfortunately, now we are stuck. To see this clearly, let's move [E'] back into the goal from the hypotheses. *) generalize dependent E'. (** Now it is obvious that we are trying to prove another instance of the same theorem we set out to prove -- only here we are talking about [n'] instead of [n]. *) Abort. (* ================================================================= *) (** ** Induction on Evidence *) Lemma ev_Even : forall n, ev n -> Even n. Proof. intros n E. induction E as [|n' E' IH]. - (* E = ev_0 *) unfold Even. exists 0. reflexivity. - (* E = ev_SS n' E' with IH : Even n' *) unfold Even in IH. destruct IH as [k Hk]. rewrite Hk. unfold Even. exists (S k). simpl. reflexivity. Qed. Theorem ev_Even_iff : forall n, ev n <-> Even n. Proof. intros n. split. - (* -> *) apply ev_Even. - (* <- *) unfold Even. intros [k Hk]. rewrite Hk. apply ev_double. Qed. (** **** Exercise: 2 stars, standard (ev_sum) *) Theorem ev_sum : forall n m, ev n -> ev m -> ev (n + m). Proof. (* FILL IN HERE *) Admitted. (** [] *) (* ################################################################# *) (** * Inductive Relations *) Module Playground. Inductive le : nat -> nat -> Prop := | le_n (n : nat) : le n n | le_S (n m : nat) (H : le n m) : le n (S m). Notation "n <= m" := (le n m). Theorem test_le1 : 3 <= 3. Proof. apply le_n. Qed. Theorem test_le2 : 3 <= 6. Proof. apply le_S. apply le_S. apply le_S. apply le_n. Qed. Theorem test_le3 : (2 <= 1) -> 2 + 2 = 5. Proof. intros H. inversion H. inversion H2. Qed. Definition lt (n m : nat) := le (S n) m. Notation "n < m" := (lt n m). End Playground. (* Homework: read Case Study: Improving Reflection *)