The Coq Proof Assistant



A Tutorial







Version 1

























Gérard Huet, Gilles Kahn and Christine Paulin-Mohring

LogiCal Project





©INRIA 1999-2004 ( Coq versions 7.x)

©INRIA 2004-2006 ( Coq versions 8.x)



1 This research was partly supported by IST working group “Types”

Getting started

Coq

Coq

Coq

Coq

Coq

Coq

http://coq.inria.fr

Coq

Coq <

Coq

Coq

Coq

Coq

unix:~> coqtop Welcome to Coq 8.0 (Mar 2004) Coq <

Coq

coq-bugs@pauillac.inria.fr

http

1 Alternative graphical interfaces exist: Proof General and Pcoq.

Chapter 1 Basic Predicate Calculus

1.1 An overview of the specification language Gallina

declarations

definitions

Coq

commands

Coq < Quit.

name

specification

_

'

A

a

Coq

logical propositions

mathematical collections

abstract types

Prop

Set

Type

type

Coq

Check

Coq < Check O.

0

: nat



O

nat

Coq < Check nat.

nat

: Set



Set

Coq

Coq < Section Declaration.



let n be a natural number

Coq < Variable n : nat.

n is assumed



let n be a positive natural number

Pos_n

Coq < Hypothesis Pos_n : (gt n 0).

Pos_n is assumed



gt

Coq < Check gt.

gt

: nat -> nat -> Prop



gt

nat

nat

Prop

nat->Prop

Coq < Check (nat -> Prop).

nat -> Prop

: Type



nat

nat->nat->Prop

nat->nat->Prop

nat->(nat->Prop)

(gt n)

nat->Prop

(gt n O)

((gt n) O)

Coq < Check gt n O.

n > 0

: Prop



nat

Set

O

S

plus

nat

nat->nat

nat->nat->nat

one

Coq < Definition one := (S O).

one is defined



Coq < Definition two : nat := S one.

two is defined



Coq

Coq < Definition three : nat := S two.

three is defined



m

nat

(plus m m)

Coq < Definition double (m:nat) := plus m m.

double is defined



double

fun m:nat => plus m m

fun

fun x:A => e

A->B

e

B

x

A

x

fun x:A => e

double

fun n:nat => (plus n n)

n

Coq < Definition add_n (m:nat) := plus m n.

add_n is defined



Coq

forall m:nat, gt m O

Coq < Check (forall m:nat, gt m 0).

forall m : nat, m > 0

: Prop



Coq < Reset Declaration.



1.2 Introduction to the proof engine: Minimal Logic

Prop

Coq < Section Minimal_Logic.



Coq < Variables A B C : Prop.

A is assumed

B is assumed

C is assumed



Coq < Check (A -> B).

A -> B

: Prop



Goal

Coq < Goal (A -> B -> C) -> (A -> B) -> A -> C.

1 subgoal



A : Prop

B : Prop

C : Prop

============================

(A -> B -> C) -> (A -> B) -> A -> C



judgment

tactics

intro

Coq < intro H.

1 subgoal



A : Prop

B : Prop

C : Prop

H : A -> B -> C

============================

(A -> B) -> A -> C



Coq < intros H' HA.

1 subgoal



A : Prop

B : Prop

C : Prop

H : A -> B -> C

H' : A -> B

HA : A

============================

C



H

apply

Coq < apply H.

2 subgoals



A : Prop

B : Prop

C : Prop

H : A -> B -> C

H' : A -> B

HA : A

============================

A

subgoal 2 is:

B



apply

Coq < exact HA.

1 subgoal



A : Prop

B : Prop

C : Prop

H : A -> B -> C

H' : A -> B

HA : A

============================

B



Coq < apply H'.

1 subgoal



A : Prop

B : Prop

C : Prop

H : A -> B -> C

H' : A -> B

HA : A

============================

A



exact HA.

HA

Coq < assumption.

Proof completed.



Abort

Coq

trivial_lemma

Coq < Save trivial_lemma.

intro H.

intros H' HA.

apply H.

exact HA.

apply H'.

assumption.

trivial_lemma is defined



Coq < Lemma distr_impl : (A -> B -> C) -> (A -> B) -> A -> C.

1 subgoal



A : Prop

B : Prop

C : Prop

============================

(A -> B -> C) -> (A -> B) -> A -> C



Coq < intros.

1 subgoal



A : Prop

B : Prop

C : Prop

H : A -> B -> C

H0 : A -> B

H1 : A

============================

C



intros

intro

tacticals

T 1 ; T 2 (read T 1 then T 2 ) applies tactic T 1 to the current goal, and then tactic T 2 to all the subgoals generated by T 1 .

; (read then ) applies tactic to the current goal, and then tactic to all the subgoals generated by . T; [T 1 | T 2 | ... | T n ] applies tactic T to the current goal, and then tactic T 1 to the first newly generated subgoal, ..., T n to the nth.

distr_impl

Coq < apply H; [ assumption | apply H0; assumption ].

Proof completed.



distr_impl

Coq < Save.

intros.

apply H; [ assumption | apply H0; assumption ].

distr_impl is defined



Save

distr_impl

Save

intro

apply

assumption

auto

Coq < Lemma distr_imp : (A -> B -> C) -> (A -> B) -> A -> C.

1 subgoal



A : Prop

B : Prop

C : Prop

============================

(A -> B -> C) -> (A -> B) -> A -> C



Coq < auto.

Proof completed.



Abort

Coq < Abort.

Current goal aborted



Abort

Restart

Undo

Undo n

Inspect n.

Coq

n

Coq < Inspect 3.

*** [C : Prop]

trivial_lemma : (A -> B -> C) -> (A -> B) -> A -> C

distr_impl : (A -> B -> C) -> (A -> B) -> A -> C



***

1.3 Propositional Calculus

intro

apply

Coq

Natural Deduction

introduction rules

elimination rules

/\

\/

Coq < Lemma and_commutative : A /\ B -> B /\ A.

1 subgoal



A : Prop

B : Prop

C : Prop

============================

A /\ B -> B /\ A



Coq < intro.

1 subgoal



A : Prop

B : Prop

C : Prop

H : A /\ B

============================

B /\ A



H

elim

Coq < elim H.

1 subgoal



A : Prop

B : Prop

C : Prop

H : A /\ B

============================

A -> B -> B /\ A



split

Coq < split.

2 subgoals



A : Prop

B : Prop

C : Prop

H : A /\ B

H0 : A

H1 : B

============================

B

subgoal 2 is:

A



Coq < Restart.

1 subgoal



A : Prop

B : Prop

C : Prop

============================

A /\ B -> B /\ A



Coq < intro H; elim H; auto.

Proof completed.



Coq < Qed.

intro H; elim H; auto.

and_commutative is defined



auto

conj

Coq < Check conj.

conj

: forall A B : Prop, A -> B -> A /\ B



Split

apply conj.

auto

Hint Resolve

auto

Coq < Lemma or_commutative : A \/ B -> B \/ A.

1 subgoal



A : Prop

B : Prop

C : Prop

============================

A \/ B -> B \/ A



Coq < intro H; elim H.

2 subgoals



A : Prop

B : Prop

C : Prop

H : A \/ B

============================

A -> B \/ A

subgoal 2 is:

B -> B \/ A



intro

B\/A

A

Coq < intro HA.

2 subgoals



A : Prop

B : Prop

C : Prop

H : A \/ B

HA : A

============================

B \/ A

subgoal 2 is:

B -> B \/ A



H

clear

Coq < clear H.

2 subgoals



A : Prop

B : Prop

C : Prop

HA : A

============================

B \/ A

subgoal 2 is:

B -> B \/ A



P\/Q

P

Q

or_introl

or_intror

left

right

Coq < right.

2 subgoals



A : Prop

B : Prop

C : Prop

HA : A

============================

A

subgoal 2 is:

B -> B \/ A



Coq < trivial.

1 subgoal



A : Prop

B : Prop

C : Prop

H : A \/ B

============================

B -> B \/ A



trivial

auto

Coq < auto.

Proof completed.



auto

auto

auto

Coq

tauto

Coq < Restart.

1 subgoal



A : Prop

B : Prop

C : Prop

============================

A \/ B -> B \/ A



Coq < tauto.

Proof completed.



Coq < Qed.

tauto.

or_commutative is defined



tauto

Coq < Print or_commutative.

or_commutative =

fun H : A \/ B =>

or_ind (fun H0 : A => or_intror B H0) (fun H0 : B => or_introl A H0) H

: A \/ B -> B \/ A



fun

fun H:A\/B =>

intro H

(or_intror

B H0)

apply or_intror; exact H0

or_intror

B

A

A

H0

B

apply

Coq

tauto

Coq < Lemma distr_and : A -> B /\ C -> (A -> B) /\ (A -> C).

1 subgoal



A : Prop

B : Prop

C : Prop

============================

A -> B /\ C -> (A -> B) /\ (A -> C)



Coq < tauto.

Proof completed.



Coq < Qed.

tauto.

distr_and is defined



1.3.4 Classical reasoning

tauto

Coq < Lemma Peirce : ((A -> B) -> A) -> A.

1 subgoal



A : Prop

B : Prop

C : Prop

============================

((A -> B) -> A) -> A



Coq < try tauto.

1 subgoal



A : Prop

B : Prop

C : Prop

============================

((A -> B) -> A) -> A



Try

true

A

B

Coq

tauto

Coq < Abort.

Current goal aborted



Coq < Lemma NNPeirce : ~ ~ (((A -> B) -> A) -> A).

1 subgoal



A : Prop

B : Prop

C : Prop

============================

~ ~ (((A -> B) -> A) -> A)



Coq < tauto.

Proof completed.



Coq < Qed.

tauto.

NNPeirce is defined



Coq

Coq

Classical

classic

Require

Coq

Coq < Require Import Classical.



Coq < Check NNPP.

NNPP

: forall p : Prop, ~ ~ p -> p



Coq < Lemma Peirce : ((A -> B) -> A) -> A.

1 subgoal



A : Prop

B : Prop

C : Prop

============================

((A -> B) -> A) -> A



Coq < apply NNPP; tauto.

Proof completed.



Coq < Qed.

apply NNPP; tauto.

Peirce is defined



Every non-scottish member wears red socks Every member wears a kilt or doesn't wear red socks The married members don't go out on Sunday A member goes out on Sunday if and only if he is Scottish Every member who wears a kilt is Scottish and married Every scottish member wears a kilt

Coq < Section club.



Coq < Variables Scottish RedSocks WearKilt Married GoOutSunday : Prop.

Scottish is assumed

RedSocks is assumed

WearKilt is assumed

Married is assumed

GoOutSunday is assumed



Coq < Hypothesis rule1 : ~ Scottish -> RedSocks.

rule1 is assumed



Coq < Hypothesis rule2 : WearKilt \/ ~ RedSocks.

rule2 is assumed



Coq < Hypothesis rule3 : Married -> ~ GoOutSunday.

rule3 is assumed



Coq < Hypothesis rule4 : GoOutSunday <-> Scottish.

rule4 is assumed



Coq < Hypothesis rule5 : WearKilt -> Scottish /\ Married.

rule5 is assumed



Coq < Hypothesis rule6 : Scottish -> WearKilt.

rule6 is assumed



Coq < Lemma NoMember : False.

1 subgoal



A : Prop

B : Prop

C : Prop

Scottish : Prop

RedSocks : Prop

WearKilt : Prop

Married : Prop

GoOutSunday : Prop

rule1 : ~ Scottish -> RedSocks

rule2 : WearKilt \/ ~ RedSocks

rule3 : Married -> ~ GoOutSunday

rule4 : GoOutSunday <-> Scottish

rule5 : WearKilt -> Scottish /\ Married

rule6 : Scottish -> WearKilt

============================

False



Coq < tauto.

Proof completed.



Coq < Qed.

tauto.

NoMember is defined



NoMember

NoMember

Coq < End club.



Coq < Check NoMember.

NoMember

: forall Scottish RedSocks WearKilt Married GoOutSunday : Prop,

(~ Scottish -> RedSocks) ->

WearKilt \/ ~ RedSocks ->

(Married -> ~ GoOutSunday) ->

(GoOutSunday <-> Scottish) ->

(WearKilt -> Scottish /\ Married) ->

(Scottish -> WearKilt) -> False



1.4 Predicate Calculus

1.4.1 Sections and signatures

Coq

D

Set

P

R

D

Coq

n

Pos_n

A

B

C

Coq

Reset

Coq < Reset Initial.



Section

D

R

D

Coq < Section Predicate_calculus.



Coq < Variable D : Set.

D is assumed



Coq < Variable R : D -> D -> Prop.

R is assumed



R

R

x

R

R

Coq < Section R_sym_trans.



Coq < Hypothesis R_symmetric : forall x y:D, R x y -> R y x.

R_symmetric is assumed



Coq < Hypothesis R_transitive : forall x y z:D, R x y -> R y z -> R x z.

R_transitive is assumed



forall x:D,

1.4.2 Existential quantification

Coq < Lemma refl_if : forall x:D, (exists y, R x y) -> R x x.

1 subgoal



D : Set

R : D -> D -> Prop

R_symmetric : forall x y : D, R x y -> R y x

R_transitive : forall x y z : D, R x y -> R y z -> R x z

============================

forall x : D, (exists y : D, R x y) -> R x x



ex

Coq < Check ex.

ex

: forall A : Type, (A -> Prop) -> Prop



(exists x:D, P x)

(ex D (fun x:D => P x))

Coq

/\

\/

ex_intro

Exists

a:D

P

h:(P a)

a

P

Coq < intros x x_Rlinked.

1 subgoal



D : Set

R : D -> D -> Prop

R_symmetric : forall x y : D, R x y -> R y x

R_transitive : forall x y z : D, R x y -> R y z -> R x z

x : D

x_Rlinked : exists y : D, R x y

============================

R x x



intros

intro y

Coq < intro y.

1 subgoal



D : Set

R : D -> D -> Prop

R_symmetric : forall x y : D, R x y -> R y x

R_transitive : forall x y z : D, R x y -> R y z -> R x z

y : D

============================

(exists y0 : D, R y y0) -> R y y



x_Rlinked

elim

intros

Coq < elim x_Rlinked.

1 subgoal



D : Set

R : D -> D -> Prop

R_symmetric : forall x y : D, R x y -> R y x

R_transitive : forall x y z : D, R x y -> R y z -> R x z

x : D

x_Rlinked : exists y : D, R x y

============================

forall x0 : D, R x x0 -> R x x



Coq < intros y Rxy.

1 subgoal



D : Set

R : D -> D -> Prop

R_symmetric : forall x y : D, R x y -> R y x

R_transitive : forall x y z : D, R x y -> R y z -> R x z

x : D

x_Rlinked : exists y : D, R x y

y : D

Rxy : R x y

============================

R x x



R_transitive

apply

x

x

z

x

y

R_transitive

apply

with

Coq < apply R_transitive with y.

2 subgoals



D : Set

R : D -> D -> Prop

R_symmetric : forall x y : D, R x y -> R y x

R_transitive : forall x y z : D, R x y -> R y z -> R x z

x : D

x_Rlinked : exists y : D, R x y

y : D

Rxy : R x y

============================

R x y

subgoal 2 is:

R y x



Coq < assumption.

1 subgoal



D : Set

R : D -> D -> Prop

R_symmetric : forall x y : D, R x y -> R y x

R_transitive : forall x y z : D, R x y -> R y z -> R x z

x : D

x_Rlinked : exists y : D, R x y

y : D

Rxy : R x y

============================

R y x



Coq < apply R_symmetric; assumption.

Proof completed.



Coq < Qed.



Coq < End R_sym_trans.



Coq

refl_if

Predicate_calculus

R_sym_trans

refl_if

R_symmetric

R_transitive

intros

R

1.4.3 Paradoxes of classical predicate calculus

Predicate_calculus

P

d

Coq < Variable P : D -> Prop.

P is assumed



Coq < Variable d : D.

d is assumed



Coq < Lemma weird : (forall x:D, P x) -> exists a, P a.

1 subgoal



D : Set

R : D -> D -> Prop

P : D -> Prop

d : D

============================

(forall x : D, P x) -> exists a : D, P a



Coq < intro UnivP.

1 subgoal



D : Set

R : D -> D -> Prop

P : D -> Prop

d : D

UnivP : forall x : D, P x

============================

exists a : D, P a



forall x:D, P x

weird

Coq

x

(P x)

Set

D

UnivP

d

Coq

weird

Coq

weird

Exists

Coq < exists d; trivial.

Proof completed.



Coq < Qed.

intro UnivP.

exists d; trivial.

weird is defined



D

P

Classical

Coq < Hypothesis EM : forall A:Prop, A \/ ~ A.

EM is assumed



Coq < Lemma drinker : exists x:D, P x -> forall x:D, P x.

1 subgoal



D : Set

R : D -> D -> Prop

P : D -> Prop

d : D

EM : forall A : Prop, A \/ ~ A

============================

exists x : D, P x -> forall x0 : D, P x0



elim

EM

Coq < elim (EM (exists x, ~ P x)).

2 subgoals



D : Set

R : D -> D -> Prop

P : D -> Prop

d : D

EM : forall A : Prop, A \/ ~ A

============================

(exists x : D, ~ P x) -> exists x : D, P x -> forall x0 : D, P x0

subgoal 2 is:

~ (exists x : D, ~ P x) -> exists x : D, P x -> forall x0 : D, P x0



Coq < intro Non_drinker; elim Non_drinker; intros Tom Tom_does_not_drink.

2 subgoals



D : Set

R : D -> D -> Prop

P : D -> Prop

d : D

EM : forall A : Prop, A \/ ~ A

Non_drinker : exists x : D, ~ P x

Tom : D

Tom_does_not_drink : ~ P Tom

============================

exists x : D, P x -> forall x0 : D, P x0

subgoal 2 is:

~ (exists x : D, ~ P x) -> exists x : D, P x -> forall x0 : D, P x0



Coq < exists Tom; intro Tom_drinks.

2 subgoals



D : Set

R : D -> D -> Prop

P : D -> Prop

d : D

EM : forall A : Prop, A \/ ~ A

Non_drinker : exists x : D, ~ P x

Tom : D

Tom_does_not_drink : ~ P Tom

Tom_drinks : P Tom

============================

forall x : D, P x

subgoal 2 is:

~ (exists x : D, ~ P x) -> exists x : D, P x -> forall x0 : D, P x0



absurd

Coq < absurd (P Tom); trivial.

1 subgoal



D : Set

R : D -> D -> Prop

P : D -> Prop

d : D

EM : forall A : Prop, A \/ ~ A

============================

~ (exists x : D, ~ P x) -> exists x : D, P x -> forall x0 : D, P x0



d

Coq < intro No_nondrinker; exists d; intro d_drinks.

1 subgoal



D : Set

R : D -> D -> Prop

P : D -> Prop

d : D

EM : forall A : Prop, A \/ ~ A

No_nondrinker : ~ (exists x : D, ~ P x)

d_drinks : P d

============================

forall x : D, P x



Coq < intro Dick; elim (EM (P Dick)); trivial.

1 subgoal



D : Set

R : D -> D -> Prop

P : D -> Prop

d : D

EM : forall A : Prop, A \/ ~ A

No_nondrinker : ~ (exists x : D, ~ P x)

d_drinks : P d

Dick : D

============================

~ P Dick -> P Dick



Coq < intro Dick_does_not_drink; absurd (exists x, ~ P x); trivial.

1 subgoal



D : Set

R : D -> D -> Prop

P : D -> Prop

d : D

EM : forall A : Prop, A \/ ~ A

No_nondrinker : ~ (exists x : D, ~ P x)

d_drinks : P d

Dick : D

Dick_does_not_drink : ~ P Dick

============================

exists x : D, ~ P x



Coq < exists Dick; trivial.

Proof completed.



Coq < Qed.

elim (EM (exists x : _, ~ P x)).

intro Non_drinker; elim Non_drinker; intros Tom Tom_does_not_drink.

exists Tom; intro Tom_drinks.

absurd (P Tom); trivial.

intro No_nondrinker; exists d; intro d_drinks.

intro Dick; elim (EM (P Dick)); trivial.

intro Dick_does_not_drink; absurd (exists x : _, ~ P x); trivial.

exists Dick; trivial.

drinker is defined



Coq < End Predicate_calculus.



Coq < Check refl_if.

refl_if

: forall (D : Set) (R : D -> D -> Prop),

(forall x y : D, R x y -> R y x) ->

(forall x y z : D, R x y -> R y z -> R x z) ->

forall x : D, (exists y : D, R x y) -> R x x



Coq < Check weird.

weird

: forall (D : Set) (P : D -> Prop),

D -> (forall x : D, P x) -> exists a : D, P a



Coq < Check drinker.

drinker

: forall (D : Set) (P : D -> Prop),

D ->

(forall A : Prop, A \/ ~ A) ->

exists x : D, P x -> forall x0 : D, P x0



D

R

refl_if

P

weird

drinker

D

drinker

d

weird

drinker

Coq

forall d:D, E

d

E

D->E

EM

drinker

dependent product

1.4.4 Flexible use of local assumptions

generalize

Coq < Section Predicate_Calculus.



Coq < Variables P Q : nat -> Prop.

P is assumed

Q is assumed



Coq < Variable R : nat -> nat -> Prop.

R is assumed



Coq < Lemma PQR :

Coq < forall x y:nat, (R x x -> P x -> Q x) -> P x -> R x y -> Q x.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

============================

forall x y : nat, (R x x -> P x -> Q x) -> P x -> R x y -> Q x



Coq < intros.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

x : nat

y : nat

H : R x x -> P x -> Q x

H0 : P x

H1 : R x y

============================

Q x



Coq < generalize H0.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

x : nat

y : nat

H : R x x -> P x -> Q x

H0 : P x

H1 : R x y

============================

P x -> Q x



cut

Coq < cut (R x x); trivial.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

x : nat

y : nat

H : R x x -> P x -> Q x

H0 : P x

H1 : R x y

============================

R x x



Abort

Coq < Abort.



Coq

x=y

x

y

x

y

rewrite

replace

f

Coq < Variable f : nat -> nat.

f is assumed



Coq < Hypothesis foo : f 0 = 0.

foo is assumed



Coq < Lemma L1 : forall k:nat, k = 0 -> f k = k.



intro

Coq < intros k E.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

k : nat

E : k = 0

============================

f k = k



E

Coq < rewrite E.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

k : nat

E : k = 0

============================

f 0 = 0



k

O

apply foo

Coq < apply foo.

Proof completed.



Coq < Qed.

intros k E.

rewrite E in |- *.

apply foo.

L1 is defined



rewrite <- E

rewrite E

rewrite -> E

replace

Coq < Hypothesis f10 : f 1 = f 0.

f10 is assumed



Coq < Lemma L2 : f (f 1) = 0.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

============================

f (f 1) = 0



Coq < replace (f 1) with 0.

2 subgoals



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

============================

f 0 = 0

subgoal 2 is:

0 = f 1



replace

foo

transitivity

symmetry

Coq < apply foo.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

============================

0 = f 1



Coq < transitivity (f 0); symmetry; trivial.

Proof completed.



replace

with

Coq < Restart.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

============================

f (f 1) = 0



Coq < replace (f 0) with 0.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

============================

f (f 1) = 0



Coq < rewrite f10; rewrite foo; trivial.

Proof completed.



Coq < Qed.

replace (f 0) with 0.

rewrite f10 in |- *; rewrite foo in |- *; trivial.

L2 is defined



1.5 Using definitions

1.5.1 Unfolding definitions

U

Coq < Variable U : Type.

U is assumed



Coq < Definition set := U -> Prop.

set is defined



Coq < Definition element (x:U) (S:set) := S x.

element is defined



Coq < Definition subset (A B:set) := forall x:U, element x A -> element x B.

subset is defined



T

Coq < Definition transitive (T:Type) (R:T -> T -> Prop) :=

Coq < forall x y z:T, R x y -> R y z -> R x z.

transitive is defined



subset

transitive

Coq < Lemma subset_transitive : transitive set subset.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

============================

transitive set subset



transitive

unfold

Coq < unfold transitive.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

============================

forall x y z : set, subset x y -> subset y z -> subset x z



subset

Coq < unfold subset.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

============================

forall x y z : set,

(forall x0 : U, element x0 x -> element x0 y) ->

(forall x0 : U, element x0 y -> element x0 z) ->

forall x0 : U, element x0 x -> element x0 z



element

auto

element

Coq < auto.

Proof completed.



unfold

Coq

Coq < Undo 2.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

============================

forall x y z : set, subset x y -> subset y z -> subset x z



Coq < unfold subset at 2.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

============================

forall x y z : set,

subset x y -> (forall x0 : U, element x0 y -> element x0 z) -> subset x z



in

Coq < intros.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

x : set

y : set

z : set

H : subset x y

H0 : forall x : U, element x y -> element x z

============================

subset x z



Coq < unfold subset in H.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

x : set

y : set

z : set

H : forall x0 : U, element x0 x -> element x0 y

H0 : forall x : U, element x y -> element x z

============================

subset x z



red

Coq < red.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

x : set

y : set

z : set

H : forall x0 : U, element x0 x -> element x0 y

H0 : forall x : U, element x y -> element x z

============================

forall x0 : U, element x0 x -> element x0 z



Coq < auto.

Proof completed.



Coq < Qed.

unfold transitive in |- *.

unfold subset at 2 in |- *.

intros.

unfold subset in H.

red in |- *.

auto.

subset_transitive is defined



1.5.2 Principle of proof irrelevance

Coq

opaque

proof irrelevance

provability

transparent

Chapter 2 Induction

2.1 Data Types as Inductively Defined Mathematical Collections

Coq

Prelude

Coq < Inductive bool : Set := true | false.

bool is defined

bool_rect is defined

bool_ind is defined

bool_rec is defined



Set

bool

constructors

Set

true

false

bool

bool

bool

bool_ind

bool_rec

bool_rect

Coq < Check bool_ind.

bool_ind

: forall P : bool -> Prop, P true -> P false -> forall b : bool, P b



Coq < Check bool_rec.

bool_rec

: forall P : bool -> Set, P true -> P false -> forall b : bool, P b



Coq < Check bool_rect.

bool_rect

: forall P : bool -> Type, P true -> P false -> forall b : bool, P b



Coq < Lemma duality : forall b:bool, b = true \/ b = false.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

============================

forall b : bool, b = true \/ b = false



Coq < intro b.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

b : bool

============================

b = true \/ b = false



b

bool

elim

bool_ind

Coq < elim b.

2 subgoals



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

b : bool

============================

true = true \/ true = false

subgoal 2 is:

false = true \/ false = false



Coq < left; trivial.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

b : bool

============================

false = true \/ false = false



Coq < right; trivial.

Proof completed.



simple induction

intro

elim

auto

Coq < Restart.

1 subgoal



P : nat -> Prop

Q : nat -> Prop

R : nat -> nat -> Prop

f : nat -> nat

foo : f 0 = 0

f10 : f 1 = f 0

U : Type

============================

forall b : bool, b = true \/ b = false



Coq < simple induction b; auto.

Proof completed.



Coq < Qed.

simple induction b; auto.

duality is defined



2.1.2 Natural numbers

Prelude

S

O

Coq < Inductive nat : Set :=

Coq < | O : nat

Coq < | S : nat -> nat.

nat is defined

nat_rect is defined

nat_ind is defined

nat_rec is defined



Coq < Check nat_ind.

nat_ind

: forall P : nat -> Prop,

P O -> (forall n : nat, P n -> P (S n)) -> forall n : nat, P n



Coq < Check nat_rec.

nat_rec

: forall P : nat -> Set,

P O -> (forall n : nat, P n -> P (S n)) -> forall n : nat, P n



prim_rec

nat_rec

Coq < Definition prim_rec := nat_rec (fun i:nat => nat).

prim_rec is defined



i

Set

(P i)

prim_rec

nat

prim_rec

Coq < Check prim_rec.

prim_rec

: (fun _ : nat => nat) O ->

(forall n : nat, (fun _ : nat => nat) n -> (fun _ : nat => nat) (S n)) ->

forall n : nat, (fun _ : nat => nat) n



nat->(nat->nat->nat)->nat->nat

prim_rec

Coq

Eval Cbv Beta

normal form

Coq < Eval cbv beta in

Coq < ((fun _:nat => nat) O ->

Coq < (forall y:nat, (fun _:nat => nat) y -> (fun _:nat => nat) (S y)) ->

Coq < forall n:nat, (fun _:nat => nat) n).

= nat -> (nat -> nat -> nat) -> nat -> nat

: Set



Coq < Definition addition (n m:nat) := prim_rec m (fun p rec:nat => S rec) n.

addition is defined



(addition n m)

n

n = O

m

n = S p

(S rec)

rec

(addition p m)

Coq

Coq < Eval compute in (addition (S (S O)) (S (S (S O)))).

= S (S (S (S (S O))))

: (fun _ : nat => nat) (S (S O))



Coq

Fixpoint/match

Coq < Fixpoint plus (n m:nat) {struct n} : nat :=

Coq < match n with

Coq < | O => m

Coq < | S p => S (plus p m)

Coq < end.

plus is recursively defined



bool

nat

Coq

Prelude

bool

Reset

Coq < Reset bool.



2.1.3 Simple proofs by induction

plus

Coq < Lemma plus_n_O : forall n:nat, n = n + 0.

1 subgoal



============================

forall n : nat, n = n + 0



Coq < intro n; elim n.

2 subgoals



n : nat

============================

0 = 0 + 0

subgoal 2 is:

forall n0 : nat, n0 = n0 + 0 -> S n0 = S n0 + 0



elim n

Prop

nat

n

nat_ind

P

fun n:nat => n = n

(P O)

forall y:nat, P y -> P (S y)

plus

Coq

simpl

Coq < simpl.

2 subgoals



n : nat

============================

0 = 0

subgoal 2 is:

forall n0 : nat, n0 = n0 + 0 -> S n0 = S n0 + 0



Coq < auto.

1 subgoal



n : nat

============================

forall n0 : nat, n0 = n0 + 0 -> S n0 = S n0 + 0



Coq < simpl; auto.

Proof completed.



Coq < Qed.

intro n; elim n.

simpl in |- *.

auto.

simpl in |- *; auto.

plus_n_O is defined



auto

eq_S

Coq < Check eq_S.

eq_S

: forall x y : nat, x = y -> S x = S y



plus_n_O

auto

Coq < Hint Resolve plus_n_O .



S

Coq < Lemma plus_n_S : forall n m:nat, S (n + m) = n + S m.

1 subgoal



============================

forall n m : nat, S (n + m) = n + S m



simple induction

intros

elim

Coq < simple induction n; simpl; auto.

Proof completed.



Coq < Qed.

simple induction n; simpl in |- *; auto.

plus_n_S is defined



Coq < Hint Resolve plus_n_S .



plus

Coq < Lemma plus_com : forall n m:nat, n + m = m + n.

1 subgoal



============================

forall n m : nat, n + m = m + n



n

m

Coq < simple induction m; simpl; auto.

1 subgoal



n : nat

m : nat

============================

forall n0 : nat, n + n0 = n0 + n -> n + S n0 = S (n0 + n)



auto

plus_n_O

auto

Coq < intros m' E; rewrite <- E; auto.

Proof completed.



Coq < Qed.

simple induction m; simpl in |- *; auto.

intros m' E; rewrite <- E in |- *; auto.

plus_com is defined



O

S

False

O

True

(S n)

Coq < Definition Is_S (n:nat) := match n with

Coq < | O => False

Coq < | S p => True

Coq < end.

Is_S is defined



Is_S

(Is_S (S n))

Coq < Lemma S_Is_S : forall n:nat, Is_S (S n).

1 subgoal



============================

forall n : nat, Is_S (S n)



Coq < simpl; trivial.

Proof completed.



Coq < Qed.

simpl in |- *; trivial.

S_Is_S is defined



False

(Is_S O)

O

S

Coq < Lemma no_confusion : forall n:nat, 0 <> S n.

1 subgoal



============================

forall n : nat, 0 <> S n



red

intros

Coq < red; intros n H.

1 subgoal



n : nat

H : 0 = S n

============================

False



Coq < change (Is_S 0).

1 subgoal



n : nat

H : 0 = S n

============================

Is_S 0



True

Coq < rewrite H; trivial.

1 subgoal



n : nat

H : 0 = S n

============================

Is_S (S n)



Coq < simpl; trivial.

Proof completed.



discriminate

Coq < Restart.

1 subgoal



============================

forall n : nat, 0 <> S n



Coq < intro n; discriminate.

Proof completed.



Coq < Qed.

intro n; discriminate.

no_confusion is defined



2.2 Logic programming

nat

Coq

Prelude

Coq < Inductive le (n:nat) : nat -> Prop :=

Coq < | le_n : le n n

Coq < | le_S : forall m:nat, le n m -> le n (S m).



le:nat->nat->Prop

le_n

le_S

le

le_n

le_S

(le n m)

le

le_n

le_S

le_ind

Coq < Check le.

le

: nat -> nat -> Prop



Coq < Check le_ind.

le_ind

: forall (n : nat) (P : nat -> Prop),

P n ->

(forall m : nat, le n m -> P m -> P (S m)) ->

forall n0 : nat, le n n0 -> P n0



Coq < Lemma le_n_S : forall n m:nat, le n m -> le (S n) (S m).

1 subgoal



============================

forall n m : nat, le n m -> le (S n) (S m)



Coq < intros n m n_le_m.

1 subgoal



n : nat

m : nat

n_le_m : le n m

============================

le (S n) (S m)



Coq < elim n_le_m.

2 subgoals



n : nat

m : nat

n_le_m : le n m

============================

le (S n) (S n)

subgoal 2 is:

forall m0 : nat, le n m0 -> le (S n) (S m0) -> le (S n) (S (S m0))



elim

le_ind

le

Coq < apply le_n; trivial.

1 subgoal



n : nat

m : nat

n_le_m : le n m

============================

forall m0 : nat, le n m0 -> le (S n) (S m0) -> le (S n) (S (S m0))



Coq < intros; apply le_S; trivial.

Proof completed.



induction

auto

Coq < Restart.

1 subgoal



============================

forall n m : nat, le n m -> le (S n) (S m)



Coq < Hint Resolve le_n le_S .



(le n m)

Coq < simple induction 1; auto.

Proof completed.



Coq < Qed.

simple induction 1; auto.

le_n_S is defined



le

Coq < Lemma tricky : forall n:nat, le n 0 -> n = 0.

1 subgoal



============================

forall n : nat, le n 0 -> n = 0



induction 1

n

le

(le n O)

le_n

inversion_clear

Coq < intros n H; inversion_clear H.

1 subgoal



n : nat

============================

0 = 0



Coq < trivial.

Proof completed.



Coq < Qed.

intros n H; inversion_clear H.

trivial.

tricky is defined



Chapter 3 Modules

3.1 Opening library modules

Coq

Require

Coq < Require Import Arith.



Arith.vo

Coq

Add LoadPath

Coq

Coq

Coq

Arith

Coq.Arith.Arith

Arith

Coq < Require Import Coq.Arith.Arith.



Arith

Arith

Top

3.2 Creating your own modules

Coq

my_module.v

Load my_module

coqc

my_module.v

my_module.vo

Require Import my_module

M

N

N

Require Export M

N

3.3 Managing the context

SearchAbout

Coq < SearchAbout le.

tricky: forall n : nat, le n 0 -> n = 0

Top.le_n_S: forall n m : nat, le n m -> le (S n) (S m)

le_ind:

forall (n : nat) (P : nat -> Prop),

P n ->

(forall m : nat, le n m -> P m -> P (S m)) ->

forall n0 : nat, le n n0 -> P n0

le_n: forall n : nat, le n n

le_S: forall n m : nat, le n m -> le n (S m)



Search

Coq < Search le.

Top.le_n_S: forall n m : nat, le n m -> le (S n) (S m)

le_n: forall n : nat, le n n

le_S: forall n m : nat, le n m -> le n (S m)



SearchPattern

\_

Coq

Coq < SearchPattern (_ + _ = _).

le_plus_minus_r: forall n m : nat, n <= m -> n + (m - n) = m

mult_acc_aux: forall n m p : nat, m + n * p = mult_acc m p n

plus_O_n: forall n : nat, 0 + n = n

plus_Sn_m: forall n m : nat, S n + m = S (n + m)

mult_n_Sm: forall n m : nat, n * m + n = n * S m

plus_0_l: forall n : nat, 0 + n = n

plus_0_r: forall n : nat, n + 0 = n

plus_comm: forall n m : nat, n + m = m + n

plus_Snm_nSm: forall n m : nat, S n + m = n + S m

plus_assoc: forall n m p : nat, n + (m + p) = n + m + p

plus_permute: forall n m p : nat, n + (m + p) = m + (n + p)

plus_assoc_reverse: forall n m p : nat, n + m + p = n + (m + p)

plus_permute_2_in_4: forall n m p q : nat, n + m + (p + q) = n + p + (m + q)

plus_tail_plus: forall n m : nat, n + m = tail_plus n m

plus_com: forall n m : nat, n + m = m + n



3.4 Now you are on your own

Coq

Coq

Coq