懒惰的评估正确性和完整性(Coq)

时间:2013-12-19 23:40:23

标签: lazy-evaluation coq theorem-proving proof-of-correctness

正如标题所示,我的问题涉及证明Coq中算术表达式的惰性求值的正确性和完整性。我想证明的定理总共有三个:

  1. 计算只给出规范 表达式作为结果

    定理Only_canonical_results: (forall x y:Aexp,Comp x y - > Canonical y)。

  2. 正确性:计算关系 保留表达的表示

    定理correct_wrt_semantics: (forall x y:Aexp,Comp x y - > I N(表示x)(表示y))。

  3. 每次输入都会产生一些结果。

    定理Comp_is_total :( forall x:Aexp, (Sigma Aexp(fun y =>    prod(Comp x y)(Canonical y))))。

    4. 必要的定义可在下面的代码中找到。我应该说清楚,当涉及到Coq时我是新手;更有经验的用户可能会立即注意到。绝大多数情况下,我写的大部分,甚至所有背景材料都可以在标准库中找到。但是,再说一次,如果我确切地知道从标准库中导入什么以证明所需的结果,我很可能不会在这里困扰你。这就是为什么我向你提交我到目前为止的材料,希望有些善良的人可以帮助我。谢谢!

    (* Sigma types *)


Inductive Sigma (A:Set)(B:A -> Set) :Set :=
  Spair: forall a:A, forall b : B a,Sigma A B.

Definition E (A:Set)(B:A -> Set)
  (C: Sigma A B -> Set)
  (c: Sigma A B)
  (d: (forall x:A, forall y:B x, 
      C (Spair A B x y))): C c :=

match c as c0 return (C c0) with
| Spair a b => d a b
end. 

Definition project1 (A:Set)(B:A -> Set)(c: Sigma A B):=
E A B (fun z => A) c (fun x y => x).


(* Binary sum type *)

Inductive sum' (A B:Set):Set := 
inl': A -> sum' A B | inr': B -> sum' A B.

Print sum'_rect.

Definition D (A B : Set)(C: sum' A B -> Set)
(c: sum' A B)
(d: (forall x:A, C (inl' A B x)))
(e: (forall y:B, C (inr' A B y))): C c :=

match c as c0 return C c0 with
| inl' x => d x
| inr' y => e y
end.

(* Three useful finite sets *)

Inductive N_0: Set :=.

Definition R_0
  (C:N_0 -> Set)
  (c: N_0): C c :=
match c as c0 return (C c0) with
end.

Inductive N_1: Set := zero_1:N_1.

Definition R_1 
  (C:N_1 -> Set)
  (c: N_1)
  (d_zero: C zero_1): C c :=
match c as c0 return (C c0) with
  | zero_1 => d_zero
end.

Inductive N_2: Set := zero_2:N_2 | one_2:N_2.

Definition R_2 
  (C:N_2 -> Set)
  (c: N_2)
  (d_zero: C zero_2)
  (d_one: C one_2): C c :=
match c as c0 return (C c0) with
  | zero_2 => d_zero
  | one_2  => d_one
end.


(* Natural numbers *)

Inductive N:Set :=
zero: N | succ : N -> N.

Print N. 

Print N_rect.

Definition R 
  (C:N -> Set)
  (d: C zero)
  (e: (forall x:N, C x -> C (succ x))):
  (forall n:N, C n) :=
fix F (n: N): C n :=
  match n as n0 return (C n0) with
  | zero => d
  | succ n0 => e n0 (F n0)
  end.

(* Boolean to truth-value converter *)

Definition Tr (c:N_2) : Set :=
match c as c0 with
  | zero_2 => N_0
  | one_2 => N_1
end.

(* Identity type *)

Inductive I (A: Set)(x: A) : A -> Set :=
r :  I A x x.

Print I_rect.

Theorem J 
  (A:Set)
  (C: (forall x y:A, 
              forall z: I A x y, Set))
  (d: (forall x:A, C x x (r A x)))
  (a:A)(b:A)(c:I A a b): C a b c.
induction c.
apply d.
Defined.

(* functions are extensional wrt
  identity types *)

Theorem I_I_extensionality (A B: Set)(f: A -> B):
(forall x y:A, I A x y -> I B (f x) (f y)).
Proof.
intros x y P.
induction P.
apply r.
Defined.


(* addition *)

Definition add (m n:N) : N 
 := R (fun z=> N) m (fun x y => succ y) n.

(* multiplication *)

Definition mul (m n:N) : N 
 := R (fun z=> N) zero (fun x y => add y m) n.


(* Axioms of Peano verified *)

Theorem P1a: (forall x: N, I N (add x zero) x).
intro x.
(* force use of definitional equality
  by applying reflexivity *)
apply r.
Defined.


Theorem P1b: (forall x y: N, 
I N (add x (succ y)) (succ (add x y))).
intros.
apply r.
Defined.


Theorem P2a: (forall x: N, I N (mul x zero) zero).
intros.
apply r.
Defined.


Theorem P2b: (forall x y: N, 
I N (mul x (succ y)) (add (mul x y) x)).
intros.
apply r.
Defined.

Definition pd (n: N): N :=
R (fun _=> N) zero (fun x y=> x) n.

(* alternatively
Definition pd (x: N): N :=
match x as x0 with
  | zero => zero
  | succ n0 => n0
end.
*)

Theorem P3: (forall x y:N, 
I N (succ x) (succ y) -> I N x y).
intros x y p.
apply (I_I_extensionality N N pd (succ x) (succ y)).
apply p.
Defined.

Definition not (A:Set): Set:= (A -> N_0).

Definition isnonzero (n: N): N_2:=
R (fun _ => N_2) zero_2 (fun x y => one_2) n.


Theorem P4 : (forall x:N, 
not (I N (succ x) zero)).
intro x.
intro p.

apply (J N (fun x y z => 
    Tr (isnonzero x) -> Tr (isnonzero y))
    (fun x => (fun t => t)) (succ x) zero)
.
apply p.
simpl.
apply zero_1.
Defined.

Theorem P5 (P:N -> Set):
P zero -> (forall x:N, P x -> P (succ x))
   -> (forall x:N, P x).
intros base step n.
apply R.
apply base.
apply step.
Defined.

(* I(A,-,-) is an equivalence relation *)

Lemma Ireflexive (A:Set): (forall x:A, I A x x).
intro x.
apply r.
Defined.

Lemma Isymmetric (A:Set): (forall x y:A, I A x y -> I A y x).
intros x y P.
induction P.
apply r.
Defined.

Lemma Itransitive (A:Set): 
(forall x y z:A, I A x y -> I A y z -> I A x z).
intros x y z P Q.
induction P.
assumption.
Defined.



Definition or (A B : Set):= sum' A B.

(* arithmetical expressions *)

Inductive Aexp :Set :=
  zer: Aexp
| suc: Aexp -> Aexp
| pls: Aexp -> Aexp -> Aexp.

(* denotation of an expression *)

Definition denotation: Aexp->N:=
fix F (a: Aexp): N :=
  match a as a0  with
  | zer => zero
  | suc a1 => succ (F a1)
  | pls a1 a2 => add (F a1) (F a2)
  end.

(* predicate for distinguishing
   canonical expressions *)

Definition Canonical (x:Aexp):Set :=
or (I Aexp x zer) 
   (Sigma Aexp (fun y => 
     I Aexp x (suc y))).

(* the computation relation is
  an inductively defined relation *)

Inductive Comp : Aexp -> Aexp -> Set
:=
refrule: forall a: Aexp, 
         forall p: Canonical a, Comp a a
| zerrule: forall a b c:Aexp, 
         forall p: Comp b zer,
         forall q: Comp a c,
           Comp (pls a b) c
| sucrule: forall a b c:Aexp,
         forall p: Comp b (suc c),
           Comp (pls a b) (suc (pls a c)).

(* Computations only give canonical
   expressions as results *)

Theorem Only_canonical_results:
(forall x y: Aexp, Comp x y -> Canonical y).
admit.
Defined.
(* Here is where help is needed *)
(* Correctness: the computation relation
 preserves denotation of expressions *)

Theorem correct_wrt_semantics:
(forall x y: Aexp, Comp x y -> 
I N (denotation x) (denotation y)).
admit.
(* Here is where help is need*)

Defined.

(* every input leads to some result *)

Theorem Comp_is_total: (forall x:Aexp, 
(Sigma Aexp (fun y => 
   prod (Comp x y) (Canonical y)))).
admit.
 (* Proof required *)
Defined.

1 个答案:

答案 0 :(得分:1)

前两个定理几乎可以盲目证明。他们遵循Comp定义的归纳。第三个需要一些思考和一些辅助定理。但是如果你想学习Coq,你应该遵循一个教程。

关于我使用的策略:

  • induction 1对第一个未命名的假设进行归纳。
  • info_eauto试图通过盲目应用定理来完成目标。
  • Hint Constructors将归纳定义的构造函数添加到定理info_eauto可以使用的数据库中。
  • unfoldsimplrewrite应该是不言自明的。

Hint Constructors sum' prod Sigma I Comp.

Theorem Only_canonical_results:
(forall x y: Aexp, Comp x y -> Canonical y).
unfold Canonical, or.
induction 1.
  info_eauto.
  info_eauto.
  info_eauto.
Defined.

Theorem correct_wrt_semantics:
(forall x y: Aexp, Comp x y -> 
I N (denotation x) (denotation y)).
induction 1.
  info_eauto.
  simpl. rewrite IHComp1. rewrite IHComp2. simpl. info_eauto.
  simpl. rewrite IHComp. simpl. info_eauto.
Defined.

Theorem Comp_is_total: (forall x:Aexp, 
(Sigma Aexp (fun y => 
   prod (Comp x y) (Canonical y)))).
unfold Canonical, or.
induction x.
  eapply Spair. eapply pair.
    eapply refrule. unfold Canonical, or. info_eauto.
    info_eauto.
Admitted.
相关问题
最新问题