CSE-490 Logic in Computer Science The Coq Proof Assistant POSTECH Dec 15, 2006 박성우
Welcome to the Last Lecture!

Coq
– A formal proof checker

NOT our goal:
– to learn a lot and become an expert Coq programmer

Our goal:
– to see how much of what we learned is actually used in a proof checker
– and to relax...
Natural Numbers

] coqtop
Welcome to Coq 8.0pl3 (Jan 2006)

Coq < Check O.
0 : nat
Coq < Check S.
S : nat -> nat
2, 3, double

Coq < Definition one := S O.
one is defined
Coq < Definition two := S one.
two is defined
Coq < Definition three := S two.
three is defined
Coq < Definition double (m:nat) := plus m m.
double is defined
Coq < Check double.
double : nat -> nat
Assuming n > 0

Coq < Section CSE490.
Coq < Check gt.
gt : nat -> nat -> Prop
Coq < Variable n : nat.
n is assumed
Coq < Hypothesis Pos_n : gt n O.
Pos_n is assumed
Coq < Check Pos_n.
Pos_n : n > 0
Proving A → A

Coq < Parameter A B C : Prop.
A is assumed
B is assumed
C is assumed
Coq < Lemma I : A -> A.
1 subgoal
============================
A -> A
I < intro x.
1 subgoal
x : A
============================
A
I < exact x.
Proof completed.
I < Qed.
intro x.
exact x.
I is defined
Coq < Check I.
I : A -> A
(A → B → C) → (A → B) → (A → C)

Coq < Lemma S : (A -> B -> C) -> (A -> B) -> A -> C.
1 subgoal
============================
(A -> B -> C) -> (A -> B) -> A -> C
S < intro x.
1 subgoal
x : A -> B -> C
============================
(A -> B) -> A -> C
S < intro y.
1 subgoal
x : A -> B -> C
y : A -> B
============================
A -> C
S < intro z.
1 subgoal
x : A -> B -> C
y : A -> B
z : A
============================
C
S < apply x.
2 subgoals
x : A -> B -> C
y : A -> B
z : A
============================
A
subgoal 2 is:
B
S < exact z.
1 subgoal
x : A -> B -> C
y : A -> B
z : A
============================
B
S < apply y.
1 subgoal
x : A -> B -> C
y : A -> B
z : A
============================
A
S < exact z.
Proof completed.
S < Qed.
intro x.
intro y.
intro z.
apply x.
exact z.
apply y.
exact z.
S is defined
A ∧ B → B ∧ A

Coq < Lemma and_commutative : A /\ B -> B /\ A.
1 subgoal
============================
A /\ B -> B /\ A
and_commutative < intro.
1 subgoal
H : A /\ B
============================
B /\ A
and_commutative < elim H.
1 subgoal
H : A /\ B
============================
A -> B -> B /\ A
and_commutative < intros.
1 subgoal
H : A /\ B
H0 : A
H1 : B
============================
B /\ A
and_commutative < split.
2 subgoals
H : A /\ B
H0 : A
H1 : B
============================
B
subgoal 2 is:
A
and_commutative < exact H1.
1 subgoal
H : A /\ B
H0 : A
H1 : B
============================
A
and_commutative < exact H0.
Proof completed.
Classical Reasoning

Coq < Lemma Peirce : ((A -> B) -> A) -> A.
1 subgoal
============================
((A -> B) -> A) -> A
Peirce < try tauto.
1 subgoal
============================
((A -> B) -> A) -> A
Peirce < Require Import Classical.
Peirce < Check NNPP.
NNPP : forall p : Prop, ~ ~ p -> p
Peirce < apply NNPP.
1 subgoal
============================
~ ~ (((A -> B) -> A) -> A)
Peirce < tauto.
Proof completed.
Peirce < Qed.
try tauto.
apply NNPP.
tauto.
Peirce is defined
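An added example (not from the slides) that proves Peirce's law and the excluded middle by hand after NNPP, making explicit the intuitionistic steps that tauto performed on the slide; the section name and lemma names are mine.

```coq
(* Added example: classical reasoning via NNPP, step by step.
   Section and lemma names are assumptions, not from the lecture. *)
Require Import Classical.

Section Classical_examples.
Variable A B : Prop.

(* Peirce's law: after NNPP the rest is purely intuitionistic. *)
Lemma Peirce_manual : ((A -> B) -> A) -> A.
Proof.
  intro H.               (* H : (A -> B) -> A, goal A *)
  apply NNPP; intro nA.  (* nA : ~ A, goal False *)
  apply nA.              (* goal A *)
  apply H.               (* goal A -> B *)
  intro a.               (* a : A, goal B *)
  elim (nA a).           (* nA a : False closes the goal *)
Qed.

(* Excluded middle, which tauto alone cannot prove either. *)
Lemma excluded_middle : A \/ ~ A.
Proof.
  apply NNPP; intro H.   (* H : ~ (A \/ ~ A), goal False *)
  apply H; right; intro a.
  apply H; left; exact a.
Qed.
End Classical_examples.
```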
Inductive Booleans

Coq < Inductive bool : Set := true | false.
bool is defined
bool_rect is defined
bool_ind is defined
bool_rec is defined
Coq < Check bool_ind.
bool_ind : forall P : bool -> Prop, P true -> P false -> forall b : bool, P b
Coq < Check bool_rec.
bool_rec : forall P : bool -> Set, P true -> P false -> forall b : bool, P b
Coq < Check bool_rect.
bool_rect : forall P : bool -> Type, P true -> P false -> forall b : bool, P b
First First-Order Formula!

Coq < Lemma duality : forall b:bool, b = true \/ b = false.
1 subgoal
============================
forall b : bool, b = true \/ b = false
duality < intro b.
1 subgoal
b : bool
============================
b = true \/ b = false
duality < elim b.
2 subgoals
b : bool
============================
true = true \/ true = false
subgoal 2 is:
false = true \/ false = false
duality < left.
2 subgoals
b : bool
============================
true = true
subgoal 2 is:
false = true \/ false = false
duality < trivial.
1 subgoal
b : bool
============================
false = true \/ false = false
duality < right; trivial.
Proof completed.
Natural Numbers

Coq < Inductive nat : Set := O | S : nat -> nat.
nat is defined
nat_rect is defined
nat_ind is defined
nat_rec is defined
Coq < Check nat_ind.
nat_ind : forall P : nat -> Prop, P O -> (forall n : nat, P n -> P (S n)) -> forall n : nat, P n
Coq < Check nat_rec.
nat_rec : forall P : nat -> Set, P O -> (forall n : nat, P n -> P (S n)) -> forall n : nat, P n
Primitive Recursion

Coq < Check nat_rec.
nat_rec : forall P : nat -> Set, P O -> (forall n : nat, P n -> P (S n)) -> forall n : nat, P n
Coq < Definition prim_rec := nat_rec (fun _:nat => nat).
prim_rec is defined
Coq < Definition addition (n m:nat) := prim_rec m (fun _ rec => S rec) n.
addition is defined
Coq < Eval compute in (addition (S (S O)) (S (S (S O)))).
= S (S (S (S (S O))))
: (fun _ : nat => nat) (S (S O))
Definitional Equality

Coq < Fixpoint plus (n m:nat) {struct n} : nat :=
Coq <   match n with
Coq <   | O => m
Coq <   | S p => S (plus p m)
Coq <   end.
plus is recursively defined
Coq < Check plus.
plus : nat -> nat -> nat
Coq < Lemma plus_n_O : forall n:nat, n = plus n 0.
1 subgoal
============================
forall n : nat, n = plus n 0
plus_n_O < intro n; elim n.
2 subgoals
n : nat
============================
0 = plus 0 0
subgoal 2 is:
forall n0 : nat, n0 = plus n0 0 -> S n0 = plus (S n0) 0
plus_n_O < simpl.
2 subgoals
n : nat
============================
0 = 0
subgoal 2 is:
forall n0 : nat, n0 = plus n0 0 -> S n0 = plus (S n0) 0
plus_n_O < trivial.
1 subgoal
n : nat
============================
forall n0 : nat, n0 = plus n0 0 -> S n0 = plus (S n0) 0
plus_n_O < intro.
1 subgoal
n : nat
n0 : nat
============================
n0 = plus n0 0 -> S n0 = plus (S n0) 0
plus_n_O < intro.
1 subgoal
n : nat
n0 : nat
H : n0 = plus n0 0
============================
S n0 = plus (S n0) 0
plus_n_O < simpl.
1 subgoal
n : nat
n0 : nat
H : n0 = plus n0 0
============================
S n0 = S (plus n0 0)
plus_n_O < rewrite <- H.
1 subgoal
n : nat
n0 : nat
H : n0 = plus n0 0
============================
S n0 = S n0
plus_n_O < trivial.
Proof completed.
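The same elim/simpl/rewrite pattern carried further, as an added example (not from the slides): the slide's plus and plus_n_O, then the successor lemma and commutativity, each by induction on the first argument; the module name is mine and exists only to keep these names apart from the standard library's.

```coq
(* Added example: commutativity of the lecture's plus by induction.
   The module name CSE490_plus is an assumption, not from the lecture. *)
Module CSE490_plus.

Fixpoint plus (n m:nat) {struct n} : nat :=
  match n with
  | O => m
  | S p => S (plus p m)
  end.

(* The slide's proof, written as a script. *)
Lemma plus_n_O : forall n:nat, n = plus n 0.
Proof.
  intro n; elim n.
  simpl; trivial.
  intros n0 H; simpl; rewrite <- H; trivial.
Qed.

(* Pushing S through the second argument needs its own induction,
   because plus only computes on its first argument. *)
Lemma plus_n_Sm : forall n m:nat, S (plus n m) = plus n (S m).
Proof.
  intros n m; elim n.
  simpl; trivial.                        (* S m = S m *)
  intros n0 H; simpl; rewrite H; trivial. (* S (plus n0 (S m)) on both sides *)
Qed.

(* Commutativity: the base case is plus_n_O, the step is plus_n_Sm. *)
Lemma plus_comm : forall n m:nat, plus n m = plus m n.
Proof.
  intros n m; elim n.
  simpl; apply plus_n_O.                 (* m = plus m 0 *)
  intros n0 H; simpl; rewrite H.         (* S (plus m n0) = plus m (S n0) *)
  apply plus_n_Sm.
Qed.

End CSE490_plus.
```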
Congratulations - You made it!