Question

假设以下定义（前两个定义来自http://www.cis.upenn.edu/~bcpierce/sf/Basics.html）：

Fixpoint beq_nat (n m : nat) : bool :=
  match n with
  | O => match m with
         | O => true
         | S m' => false
         end
  | S n' => match m with
            | O => false
            | S m' => beq_nat n' m'
            end
  end.

Fixpoint ble_nat (n m : nat) : bool :=
  match n with
  | O => true
  | S n' =>
      match m with
      | O => false
      | S m' => ble_nat n' m'
      end
  end.

Definition blt_nat (n m : nat) : bool :=
  if andb (ble_nat n m) (negb (beq_nat n m)) then true else false.

我想证明以下内容：

Lemma blt_nat_flip0 : forall (x y : nat),
  blt_nat x y = false -> ble_nat y x = true.

Lemma blt_nat_flip : forall (x y : nat),
  blt_nat x y = false -> beq_nat x y = false -> blt_nat y x = true.

我能够达到的最远的目的是证明blt_nat_flip假设为blt_nat_flip0。我花了很多时间，我几乎在那里，但整体而言似乎比它应该更复杂。谁有更好的想法如何证明这两个引理？

到目前为止，这是我的尝试：

Lemma beq_nat_symmetric : forall (x y : nat),
  beq_nat x y = beq_nat y x.
Proof.
  intros x. induction x.
    intros y. simpl. destruct y.
      reflexivity. reflexivity.
    intros y. simpl. destruct y.
      reflexivity.
      simpl. apply IHx.
  Qed. 

Lemma and_negb_false : forall (b1 b2 : bool),
  b2 = false -> andb b1 (negb b2) = b1.
Proof. 
  intros. rewrite -> H. unfold negb. destruct b1.
    simpl. reflexivity.
    simpl. reflexivity.
  Qed.

Lemma blt_nat_flip0 : forall (x y : nat),
  blt_nat x y = false -> ble_nat y x = true.
Proof.
  intros x.
  induction x.
    intros. destruct y.
      simpl. reflexivity.
      simpl. inversion H.
    intros. destruct y. simpl. reflexivity.
    simpl. rewrite -> IHx. reflexivity. 
    (* I am giving up for now at this point ... *)
  Admitted.

Lemma blt_nat_flip : forall (x y : nat),
  blt_nat x y = false -> beq_nat x y = false ->
    blt_nat y x = true.
Proof.
  intros. 
  unfold blt_nat.
  rewrite -> beq_nat_symmetric. rewrite -> H0.
  rewrite -> and_negb_false.
  replace (ble_nat y x) with true.
  reflexivity. 
  rewrite -> blt_nat_flip0. reflexivity. apply H. reflexivity.
  Qed.

Answer 1

coq似乎在导入的最后一种情况下在inversion上执行H时遇到问题，但如果您之前unfold blt_nat，它似乎按预期工作。

nat上的证据小于或小于或等于

1 个答案: