「SF-LC」2 Induction
Review (only in slide)
1 | Theorem review2: ∀b, (orb true b) = true. |
Whether or not it can be just simpl.
depending on the definition of orb
.
In Proof Engineering, we probably won’t need to include review2
but need to include review3
in library.
Why we have
simpl.
but notrefl.
?
Proving 0
is a “neutral element” for +
(additive identity)
Proving 0 + n = n
1 | Theorem plus_O_n : forall n : nat, 0 + n = n. |
This can be simply proved by simplication bcuz the definition of +
is defined by pattern matching against 1st operand:
1 | Fixpoint plus (n : nat) (m : nat) : nat := |
We can observe that if n
is 0
(O
), no matter m
is, it returns m
as is.
Proving n + 0 = n
1st try: Simplication
1 | Theorem plus_O_n_1 : forall n : nat, n + 0 = n. |
This cannot be proved by simplication bcuz n
is unknown so unfold the definition +
won’t be able to simplify anything.
2nd try: Case Analysis
1 | Theorem plus_n_O_2 : ∀n:nat, |
Our 2nd try is to use case analysis (destruct
), but the proof stucks in inductive case since n
can be infinitely large (destructed)
Induction to the resucue
To prove interesting facts about numbers, lists, and other inductively defined sets, we usually need a more powerful reasoning principle: induction.
Princeple of induction over natural numbers (i.e. mathematical induction)
1 | P(0); ∀n' P(n') → P(S n') ====> P(n) |
In Coq, like destruct
, induction
break P(n)
into 2 subgoals:
1 | Theorem plus_n_O : ∀n:nat, n = n + 0. |
Proving n - n = 0
1 | Theorem minus_diag : ∀n, |
Noticed that the definition of minus
:
1 | Fixpoint minus (n m:nat) : nat := |
rewrite
rewrite
would do a (DFS) preorder traversal in the syntax tree.