-
Notifications
You must be signed in to change notification settings - Fork 0
/
peano_nat.mlw
179 lines (128 loc) · 3.39 KB
/
peano_nat.mlw
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
module Nat
type nat = O | S nat
function add (n1 n2 : nat) : nat =
match n1 with
| O -> n2
| S n -> S (add n n2)
end
function (+) (a b : nat) : nat = add a b
use int.Int
goal g:
forall x. x = 1 -> x > 0
end
module TestAdd
use Nat
goal g_0_0: (* 0 + 0 = 0 *)
O + O = O
(* solved by "compute_in_goal" *)
goal g_0_1: (* 0 + 1 = 1 *)
O + S O = S O
(* solved by "compute_in_goal" *)
goal g_2_1: (* 2 + 1 = 3 *)
S (S O) + S O = S (S (S O))
(* solved by "compute_in_goal" *)
end
module Inconsistency
lemma introduce: true -> false (* <-- introduces inconsistency *)
lemma exposed: true -> false (* <-- exposed to inconsistency *)
(*
incosisitency applies in this scope,
and all scopes the "use" this module (transitively)
*)
end
module Add
use Nat
goal plus_ol:
forall n. O + n = n
(* solved by "compute_in_goal" *)
goal plus_o_right:
forall n. n + O = n
(* solved by numerous transformations *)
goal plus_o_right_altergo:
forall n. n + O = n
(* solved by two simple transofrmations and SMT solver
"inline_goal"
"induction_ty_lex"
"altergo"
*)
(* we want to prove commutativity *)
(* facilitates plus_comm *)
lemma plus_o_right_lemma:
forall n. n + O = n
(* solved by two simple transofrmations and SMT solver
"inline_goal"
"induction_ty_lex"
"altergo"
*)
(* not required to solve plus_comm *)
(* but might be useful to other proofs *)
lemma plus_Snm_nSm : forall n m:nat. (S n) + m = n + (S m)
(* solved by two simple transofrmations and SMT solver
"inline_goal"
"induction_ty_lex"
"altergo"
*)
(* facilitates plus_comm *)
lemma plus_S: forall n m:nat. S (n + m) = n + (S m)
(* solved by two simple transofrmations and SMT solver
"inline_goal"
"induction_ty_lex"
"altergo"
*)
(* our final goal *)
goal plus_comm:
forall n m. n + m = m + n
(* solved by two simple transofrmations and SMT solver
"inline_goal"
"induction_ty_lex"
"altergo"
*)
end
module Compare
use Nat
use Add
(* use Inconsistency *)
inductive le nat nat =
| Le_n : forall n:nat. le n n
| Le_S : forall n m:nat. le n m -> le n (S m)
predicate (<=) (x y:nat) = le x y
predicate (<) (x y:nat) = (S x) <= y
function f (x : nat) : nat = x + (S O)
goal f_proof:
forall x. x < f x
function g (x y: nat) : nat = x + y
goal g_proof:
forall x y [@induction]. x <= g x y
end
module Sub
use Nat
use Compare
function sub (n m:nat) : nat =
match n, m with
| S k, S l -> sub k l
| _, _ -> n
end
(* Assignment 3a *)
inductive sub_pr nat nat nat = (* your code here *)
| sub_pr_1 : forall n m r:nat. sub_pr n m r -> sub_pr (S n) (S m) r
| sub_pr_2 : forall n:nat. sub_pr n O n
| sub_pr_3 : forall m:nat. sub_pr O m O
(*
show the correspondence in between the
inductive predicate sub_pr and the
function sub
*)
lemma sub_equivalence:
forall n m l. l = sub n m <-> sub_pr n m l
(* Assignment 3b *)
lemma sub_le_nm:
forall n m. sub n m <= n
(* Assignment 3c *)
predicate (>=) (x y:nat) = le y x (* your code here *)
lemma sub_ge_nm:
forall n m. n >= sub n m
(* Assignment 3d *)
predicate (<) (x y:nat) = le (S x) y
lemma sub_lt_nm:
forall n m. ((n <> O) /\ (m <> O)) -> sub n m < n
end