CSE-490 Logic in Computer Science: The Coq Proof Assistant
박성우
POSTECH, Dec 15, 2006
Welcome to the Last Lecture!
• Coq
  • A formal proof checker
  • http://coq.inria.fr
• NOT our goal:
  • to learn a lot and become an expert Coq programmer
• Our goal:
  • to see how much of what we learned is actually used in a proof checker
  • and to relax...
Natural Numbers
[gla@pl:407 ] coqtop
Welcome to Coq 8.0pl3 (Jan 2006)
Coq < Check O.
0 : nat
Coq < Check S.
S : nat -> nat
2, 3, double
Coq < Definition one := S O.
one is defined
Coq < Definition two := S one.
two is defined
Coq < Definition three := S two.
three is defined
Coq < Definition double (m:nat) := plus m m.
double is defined
Coq < Check double.
double : nat -> nat
Assuming n > 0
Coq < Section CSE490.
Coq < Check gt.
gt : nat -> nat -> Prop
Coq < Variable n : nat.
n is assumed
Coq < Hypothesis Pos_n : gt n O.
Pos_n is assumed
Coq < Check Pos_n.
Pos_n : n > 0
Proving A → A
Coq < Parameter A B C : Prop.
A is assumed
B is assumed
C is assumed
Coq < Lemma I : A -> A.
1 subgoal
============================
A -> A
I < intro x.
1 subgoal
x : A
============================
A
I < exact x.
Proof completed.
I < Qed.
intro x.
exact x.
I is defined
Coq < Check I.
I : A -> A
Proving (A → B → C) → (A → B) → (A → C)
Coq < Lemma S : (A -> B -> C) -> (A -> B) -> A -> C.
1 subgoal
============================
(A -> B -> C) -> (A -> B) -> A -> C
S < intro x.
1 subgoal
x : A -> B -> C
============================
(A -> B) -> A -> C
S < intro y.
1 subgoal
x : A -> B -> C
y : A -> B
============================
A -> C
S < intro z.
1 subgoal
x : A -> B -> C
y : A -> B
z : A
============================
C
S < apply x.
2 subgoals
x : A -> B -> C
y : A -> B
z : A
============================
A
subgoal 2 is:
B
S < exact z.
1 subgoal
x : A -> B -> C
y : A -> B
z : A
============================
B
S < apply y.
1 subgoal
x : A -> B -> C
y : A -> B
z : A
============================
A
S < exact z.
Proof completed.
S < Qed.
intro x.
intro y.
intro z.
apply x.
exact z.
apply y.
exact z.
S is defined
Proving A ∧ B → B ∧ A
Coq < Lemma and_commutative : A /\ B -> B /\ A.
1 subgoal
============================
A /\ B -> B /\ A
and_commutative < intro.
1 subgoal
H : A /\ B
============================
B /\ A
and_commutative < elim H.
1 subgoal
H : A /\ B
============================
A -> B -> B /\ A
and_commutative < intros.
1 subgoal
H : A /\ B
H0 : A
H1 : B
============================
B /\ A
and_commutative < split.
2 subgoals
H : A /\ B
H0 : A
H1 : B
============================
B
subgoal 2 is:
A
and_commutative < exact H1.
1 subgoal
H : A /\ B
H0 : A
H1 : B
============================
A
and_commutative < exact H0.
Proof completed.
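The three lemmas above (I, S and and_commutative) are proved by tactics, but under Curry-Howard each tactic script just builds a lambda term whose type is the proposition. The following added example (not from the slides; it assumes a current Coq, and uses the names I_term, S_term, S_tactic and and_comm_term so as not to clash with the nat constructor S) writes the same proofs directly as terms and shows that `exact` can hand the whole term to Coq in one step:

```coq
Section CurryHoward.
  Variables A B C : Prop.

  (* I is the identity function on proofs of A. *)
  Definition I_term : A -> A := fun x => x.

  (* S feeds z to x and to y, then combines: x z : B -> C, y z : B. *)
  Definition S_term : (A -> B -> C) -> (A -> B) -> A -> C :=
    fun x y z => x z (y z).

  (* The slide's intro/apply/exact script constructs exactly this term;
     `exact` accepts it as the complete proof. *)
  Lemma S_tactic : (A -> B -> C) -> (A -> B) -> A -> C.
  Proof.
    exact (fun x y z => x z (y z)).
  Qed.

  (* elim H followed by split is, as a term, a match that takes the pair
     apart and rebuilds it swapped. *)
  Definition and_comm_term : A /\ B -> B /\ A :=
    fun H => match H with conj a b => conj b a end.
End CurryHoward.

(* After the section closes, A B C become explicit arguments, so
   Print shows roughly:
   S_term = fun (A B C : Prop) (x : A -> B -> C) (y : A -> B) (z : A) => x z (y z) *)
Print S_term.
Print S_tactic.
Check and_comm_term.
```

Print S_tactic shows the same lambda as Print S_term: the tactic proof and the hand-written term are interchangeable, which is why a proof checker only ever needs to type-check the final term.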
Classical Reasoning
Coq < Lemma Peirce : ((A -> B) -> A) -> A.
1 subgoal
============================
((A -> B) -> A) -> A
Peirce < try tauto.
1 subgoal
============================
((A -> B) -> A) -> A
Peirce < Require Import Classical.
Peirce < Check NNPP.
NNPP : forall p : Prop, ~ ~ p -> p
Peirce < apply NNPP.
1 subgoal
============================
~ ~ (((A -> B) -> A) -> A)
Peirce < tauto.
Proof completed.
Peirce < Qed.
try tauto.
apply NNPP.
tauto.
Peirce is defined
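`tauto` fails on Peirce's law because it is not intuitionistically provable; the slide has to import Classical and go through NNPP. The added example below (not from the slides; it assumes a current Coq, and the names peirce, excluded_middle, peirce_implies_em and em_implies_peirce are chosen here) shows why that is the right move: Peirce's law, quantified over all propositions, is equivalent to excluded middle, and both directions of the equivalence are provable without any axiom.

```coq
(* Peirce's law and excluded middle, each stated for all propositions. *)
Definition peirce := forall P Q : Prop, ((P -> Q) -> P) -> P.
Definition excluded_middle := forall P : Prop, P \/ ~ P.

(* Peirce gives excluded middle: instantiate Q with False, so the
   hypothesis is ~ (P \/ ~ P), and derive a contradiction from it. *)
Lemma peirce_implies_em : peirce -> excluded_middle.
Proof.
  unfold peirce, excluded_middle.
  intros HP P.
  apply (HP (P \/ ~ P) False).
  intro Hnot.
  right. intro p.
  apply Hnot. left. exact p.
Qed.

(* Excluded middle gives Peirce: case-split on P. If P holds we are done;
   otherwise the premise (P -> Q) -> P applies, since P -> Q is vacuous. *)
Lemma em_implies_peirce : excluded_middle -> peirce.
Proof.
  unfold peirce, excluded_middle.
  intros EM P Q H.
  destruct (EM P) as [p | np].
  - exact p.
  - apply H. intro p. destruct (np p).
Qed.

(* Neither lemma depends on an axiom; Coq reports
   "Closed under the global context". *)
Print Assumptions peirce_implies_em.
Print Assumptions em_implies_peirce.
```

So the only thing Classical adds is the axiom itself (NNPP, or equivalently excluded middle); everything around it, including the reduction of Peirce to that axiom, stays constructive and checkable.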
Inductive Booleans
Coq < Inductive bool : Set := true | false.
bool is defined
bool_rect is defined
bool_ind is defined
bool_rec is defined
Coq < Check bool_ind.
bool_ind : forall P : bool -> Prop, P true -> P false -> forall b : bool, P b
Coq < Check bool_rec.
bool_rec : forall P : bool -> Set, P true -> P false -> forall b : bool, P b
Coq < Check bool_rect.
bool_rect : forall P : bool -> Type, P true -> P false -> forall b : bool, P b
First First-Order Formula!
Coq < Lemma duality : forall b:bool, b = true \/ b = false.
1 subgoal
============================
forall b : bool, b = true \/ b = false
duality < intro b.
1 subgoal
b : bool
============================
b = true \/ b = false
duality < elim b.
2 subgoals
b : bool
============================
true = true \/ true = false
subgoal 2 is:
false = true \/ false = false
duality < left.
2 subgoals
b : bool
============================
true = true
subgoal 2 is:
false = true \/ false = false
duality < trivial.
1 subgoal
b : bool
============================
false = true \/ false = false
duality < right; trivial.
Proof completed.
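`elim b` in the duality proof is nothing more than an application of bool_ind with the predicate P read off the goal. The added example below (not from the slides; it assumes a current Coq and uses the names negb', negb'_involutive and duality') makes both principles from the previous slide explicit: bool_rec builds a function by case analysis on bool, and bool_ind is applied by hand with P written out, which is exactly what elim does behind the scenes.

```coq
(* Negation by primitive recursion on bool: bool_rec takes the value for
   true, then the value for false. *)
Definition negb' : bool -> bool := bool_rec (fun _ => bool) false true.

(* bool_ind with P given explicitly. The two subgoals P true and P false
   reduce by computation, so reflexivity closes both. *)
Lemma negb'_involutive : forall b : bool, negb' (negb' b) = b.
Proof.
  apply (bool_ind (fun b => negb' (negb' b) = b)); reflexivity.
Qed.

(* The slide's duality lemma, with elim replaced by an explicit bool_ind:
   the first subgoal is true = true \/ true = false, the second
   false = true \/ false = false. *)
Lemma duality' : forall b : bool, b = true \/ b = false.
Proof.
  apply (bool_ind (fun b => b = true \/ b = false)); [ left | right ]; reflexivity.
Qed.
```

Writing P explicitly is what makes the induction principle usable at all; when the goal is exactly `forall b, P b`, elim infers P automatically, but for goals that mention b in a less direct way the explicit form is the reliable one.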
Natural Numbers
Coq < Inductive nat : Set := O : nat | S : nat -> nat.
nat is defined
nat_rect is defined
nat_ind is defined
nat_rec is defined
Coq < Check nat_ind.
nat_ind : forall P : nat -> Prop, P O -> (forall n : nat, P n -> P (S n)) -> forall n : nat, P n
Coq < Check nat_rec.
nat_rec : forall P : nat -> Set, P O -> (forall n : nat, P n -> P (S n)) -> forall n : nat, P n
Primitive Recursion
Coq < Check nat_rec.
nat_rec : forall P : nat -> Set, P O -> (forall n : nat, P n -> P (S n)) -> forall n : nat, P n
Coq < Definition prim_rec := nat_rec (fun _:nat => nat).
prim_rec is defined
Coq < Definition addition (n:nat) (m:nat) := prim_rec m (fun p rec:nat => S rec) n.
addition is defined
Coq < Eval compute in (addition (S (S O)) (S (S (S O)))).
= S (S (S (S (S O)))) : (fun _ : nat => nat) (S (S O))
Definitional Equality
Coq < Fixpoint plus (n m:nat) {struct n} : nat :=
Coq <   match n with
Coq <   | O => m
Coq <   | S p => S (plus p m)
Coq <   end.
plus is recursively defined
Coq < Check plus.
plus : nat -> nat -> nat
Coq < Lemma plus_n_O : forall n:nat, n = plus n 0.
1 subgoal
============================
forall n : nat, n = plus n 0
plus_n_O < intro n; elim n.
2 subgoals
n : nat
============================
0 = plus 0 0
subgoal 2 is:
forall n0 : nat, n0 = plus n0 0 -> S n0 = plus (S n0) 0
plus_n_O < simpl.
2 subgoals
n : nat
============================
0 = 0
subgoal 2 is:
forall n0 : nat, n0 = plus n0 0 -> S n0 = plus (S n0) 0
plus_n_O < trivial.
1 subgoal
n : nat
============================
forall n0 : nat, n0 = plus n0 0 -> S n0 = plus (S n0) 0
plus_n_O < intro.
1 subgoal
n : nat
n0 : nat
============================
n0 = plus n0 0 -> S n0 = plus (S n0) 0
plus_n_O < intro.
1 subgoal
n : nat
n0 : nat
H : n0 = plus n0 0
============================
S n0 = plus (S n0) 0
plus_n_O < simpl.
1 subgoal
n : nat
n0 : nat
H : n0 = plus n0 0
============================
S n0 = S (plus n0 0)
plus_n_O < rewrite <- H.
1 subgoal
n : nat
n0 : nat
H : n0 = plus n0 0
============================
S n0 = S n0
plus_n_O < trivial.
Proof completed.
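The last two slides show the two tools the rest of arithmetic is built from: nat_rec for defining functions by primitive recursion, and `simpl` plus `rewrite` for proofs by induction, where `simpl` only ever unfolds the recursive definition (definitional equality) while facts like n = plus n 0 need an induction. The added example below (not from the slides; it assumes a current Coq, where `{struct n}` is optional and `induction` subsumes `intro; elim`, and uses the primed names plus', mult', plus'_n_O, plus'_n_Sm and plus'_comm to avoid the standard library's plus_n_O) carries this one step further: multiplication via nat_rec, closed arithmetic facts proved by computation alone, and commutativity of addition proved from the slide's plus_n_O and one more induction lemma.

```coq
(* The slide's plus, under a fresh name so it does not clash with the
   standard library. Recursion is on the first argument. *)
Fixpoint plus' (n m : nat) : nat :=
  match n with
  | O => m
  | S p => S (plus' p m)
  end.

(* Multiplication by primitive recursion, the same way the slide defines
   addition: nat_rec with the constant predicate (fun _ => nat). *)
Definition mult' (n m : nat) : nat :=
  nat_rec (fun _ => nat) O (fun _ rec => plus' m rec) n.

(* Closed terms are decided by computation alone: reflexivity succeeds
   because both sides reduce to the same numeral (definitional equality). *)
Lemma plus'_2_3 : plus' 2 3 = 5.
Proof. reflexivity. Qed.

Lemma mult'_2_3 : mult' 2 3 = 6.
Proof. reflexivity. Qed.

(* The slide's plus_n_O: simpl alone cannot prove it, because plus'
   recurses on n, which is a variable here. *)
Lemma plus'_n_O : forall n : nat, n = plus' n 0.
Proof.
  induction n; simpl.
  - reflexivity.
  - rewrite <- IHn. reflexivity.
Qed.

(* Pushing a successor from the result into the second argument. *)
Lemma plus'_n_Sm : forall n m : nat, S (plus' n m) = plus' n (S m).
Proof.
  induction n; intro m; simpl.
  - reflexivity.
  - rewrite IHn. reflexivity.
Qed.

(* Commutativity: the O case is plus'_n_O, the S case is plus'_n_Sm
   after rewriting with the induction hypothesis. *)
Lemma plus'_comm : forall n m : nat, plus' n m = plus' m n.
Proof.
  induction n; intro m; simpl.
  - apply plus'_n_O.
  - rewrite IHn. apply plus'_n_Sm.
Qed.

Eval compute in mult' 2 3.
```

Note the contrast the two kinds of lemma make: plus'_2_3 and mult'_2_3 are checked purely by reduction, with no induction principle involved, whereas plus'_n_O and plus'_comm quantify over a variable and are only provable through nat_ind, the principle the earlier slide generated when nat was defined.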