(** * Induction: Proof by Induction *) From LF Require Export Basics. (* ################################################################# *) (** * Proof by Induction *) Theorem add_0_r_firsttry : forall n:nat, n + 0 = n. Proof. intros n. simpl. (* Does nothing! *) Abort. Theorem add_0_r_secondtry : forall n:nat, n + 0 = n. Proof. intros n. destruct n as [| n'] eqn:E. - (* n = 0 *) reflexivity. (* so far so good... *) - (* n = S n' *) simpl. (* ...but here we are stuck again *) Abort. (** We could use [destruct n']... *) (** To prove interesting facts about numbers, lists, and other inductively defined sets, we often need a more powerful reasoning principle: _induction_. P O forall n, P n -> P (S n) ================================= forall n, P n Destruction (case analysis) is a form of induction where we do not use the induction hypothesis: P O forall n, P (S n) ================================= forall n, P n *) Check nat_ind. Theorem add_0_r : forall n:nat, n + 0 = n. Proof. intros n. induction n as [| n' IHn']. - (* n = 0 *) reflexivity. - (* n = S n' *) simpl. rewrite -> IHn'. reflexivity. Qed. Theorem minus_n_n : forall n, minus n n = 0. Proof. intros n. induction n as [| n' IHn']. - (* n = 0 *) simpl. reflexivity. - (* n = S n' *) simpl. rewrite -> IHn'. reflexivity. Qed. (** **** Exercise: 2 stars, standard, especially useful (basic_induction) Prove the following using induction. You might need previously proven results. *) Theorem mul_0_r : forall n:nat, n * 0 = 0. Proof. (* FILL IN HERE *) Admitted. Theorem plus_n_Sm : forall n m : nat, S (n + m) = n + (S m). Proof. (* FILL IN HERE *) Admitted. Theorem add_comm : forall n m : nat, n + m = m + n. Proof. (* FILL IN HERE *) Admitted. Theorem add_assoc : forall n m p : nat, n + (m + p) = (n + m) + p. Proof. (* FILL IN HERE *) Admitted. (** [] *) (** **** Exercise: 2 stars, standard (double_plus) Consider the following function, which doubles its argument: *) Fixpoint double (n:nat) := match n with | O => O | S n' => S (S (double n')) end. (** Use induction to prove this simple fact about [double]: *) Lemma double_plus : forall n, double n = n + n . Proof. (* FILL IN HERE *) Admitted. (** [] *) (** **** Exercise: 2 stars, standard (eqb_refl) The following theorem relates the computational equality [=?] on [nat] with the definitional equality [=] on [bool]. *) Theorem eqb_refl : forall n : nat, (n =? n) = true. Proof. (* FILL IN HERE *) Admitted. (** [] *) (** **** Exercise: 2 stars, standard, optional (even_S) One inconvenient aspect of our definition of [even n] is the recursive call on [n - 2]. This makes proofs about [even n] harder when done by induction on [n], since we may need an induction hypothesis about [n - 2]. The following lemma gives an alternative characterization of [even (S n)] that works better with induction: *) Theorem even_S : forall n : nat, even (S n) = negb (even n). Proof. (* FILL IN HERE *) Admitted. (** [] *) (* ################################################################# *) (** * Proofs Within Proofs *) Theorem mult_0_plus' : forall n m : nat, (n + 0 + 0) * m = n * m. Proof. intros n m. assert (H: n + 0 + 0 = n). { rewrite add_comm. simpl. rewrite add_comm. reflexivity. } rewrite -> H. reflexivity. Qed. Theorem plus_rearrange_firsttry : forall n m p q : nat, (n + m) + (p + q) = (m + n) + (p + q). Proof. intros n m p q. (* We just need to swap (n + m) for (m + n)... seems like add_comm should do the trick! *) rewrite add_comm. (* Doesn't work... Coq rewrites the wrong plus! :-( *) Abort. Theorem plus_rearrange : forall n m p q : nat, (n + m) + (p + q) = (m + n) + (p + q). Proof. intros n m p q. assert (H: n + m = m + n). { rewrite add_comm. reflexivity. } rewrite H. reflexivity. Qed.