作为Coq编程经验并跟随我在here中的问题,我想知道是否还有另一种证明(可能更短且没有使用引理 subset_listpair_consver )来证明引理< em> subset_listpair_consFalse 。我证明了这一点,但是它很长,并且使用引理子集subset_listpair_consve。
Require Import List.
Require Import Bool.
Definition entity := nat.
Definition entityID := nat.
Definition listPair : Set :=
list (entity * entityID).
(* check if e is in list l*)
Fixpoint in_listpair e (l : listPair) :=
match l with
| nil => false
| (x, y) :: l' => Nat.eqb e x || in_listpair e l'
end.
(* check if list l1 is in list l2:i.e., 11 entities are in l2*)
Fixpoint subset_listpair (l1 l2 : listPair) :=
match l1 with
| nil => true
| (x1, _) :: l1 => in_listpair x1 l2 && subset_listpair l1 l2
end.
Lemma subset_listpair_consver l1 l2 l3 e :
in_listpair e l2 = true->
in_listpair e l3 = false ->
subset_listpair l1 l2 = true ->
subset_listpair l1 l3 = false.
Proof.
Admitted.
Lemma subset_listpair_consFalse l1 l2 l3 :
subset_listpair l1 l2 = true ->
subset_listpair l1 l3 = false -> subset_listpair l2 l3=false .
Proof.
induction l1.
induction l3.
destruct l2.
simpl. intros.
inversion H0.
intros. destruct p. simpl in *. reflexivity.
simpl in *. intros. intuition. inversion H0.
intros. rewrite IHl1. reflexivity.
simpl in H0.
destruct a. simpl in H.
rewrite andb_true_iff in H.
rewrite andb_false_iff in H0.
elim H. intros. assumption.
simpl in H0.
destruct a. simpl in H.
rewrite andb_true_iff in H.
rewrite andb_false_iff in H0.
elim H. intros.
elim H0. intros.
pose proof ( subset_listpair_consver ) as H10.
assert ( subset_listpair l1 l3 = false) as H11.
rewrite H10 with (l2:=l2) (e:=e).
reflexivity. assumption. assumption. assumption. assumption.
intro.
assumption.
Qed.
答案 0 :(得分:1)
这是一种可能的解决方案。我并没有寻求无引理的证明或最短的证明。相反,我试图将所有内容分解为(相对)易于操作的一口大小的块。
首先,这是标准库中缺少的辅助引理。它只是陈述了古典逻辑中的对立定律(我们在这里有可确定的命题,所以它们是古典的)。
From Coq Require Import Arith Bool List.
Lemma contra b1 b2 :
(b2 = false -> b1 = false) <-> (b1 = true -> b2 = true).
Proof. destruct b1, b2; intuition. Qed.
现在,我们将需要以下简单属性:
Lemma in_subset_listpair {p l1 l2} :
in_listpair p l1 = true ->
subset_listpair l1 l2 = true ->
in_listpair p l2 = true.
Proof.
induction l1 as [| [x1 y1] l1 IH]; simpl; [easy|].
rewrite orb_true_iff, andb_true_iff. intros [->%Nat.eqb_eq|] []; trivial.
now apply IH.
Qed.
接下来,我们证明subset是可传递的:
Lemma subset_listpair_transitive l2 l1 l3 :
subset_listpair l1 l2 = true ->
subset_listpair l2 l3 = true ->
subset_listpair l1 l3 = true .
Proof.
induction l1 as [| [x1 y1] l1 IH]; simpl; trivial.
intros [I1 S1]%andb_prop S2. rewrite (IH S1 S2), andb_true_r.
now apply (in_subset_listpair I1).
Qed.
现在,目标引理基本上是传递性属性的对立陈述:
Lemma subset_listpair_consFalse l1 l2 l3 :
subset_listpair l1 l2 = true ->
subset_listpair l1 l3 = false ->
subset_listpair l2 l3 = false .
Proof.
intros S12; rewrite contra.
now apply subset_listpair_transitive.
Qed.