Mercurial > cpdt > repo
comparison src/LogicProg.v @ 430:610568369aee
Pass through LogicProg, to incorporate new coqdoc features
author | Adam Chlipala <adam@chlipala.net> |
---|---|
date | Thu, 26 Jul 2012 14:18:15 -0400 |
parents | b4c37245502e |
children | 8077352044b2 |
comparison
equal
deleted
inserted
replaced
429:5744842c36a8 | 430:610568369aee |
---|---|
19 | 19 |
20 (** %\part{Proof Engineering} | 20 (** %\part{Proof Engineering} |
21 | 21 |
22 \chapter{Proof Search by Logic Programming}% *) | 22 \chapter{Proof Search by Logic Programming}% *) |
23 | 23 |
24 (** The Curry-Howard correspondence tells us that proving is %``%#"#just#"#%''% programming, but the pragmatics of the two activities are very different. Generally we care about properties of a program besides its type, but the same is not true about proofs. Any proof of a theorem will do just as well. As a result, automated proof search is conceptually simpler than automated programming. | 24 (** The Curry-Howard correspondence tells us that proving is "just" programming, but the pragmatics of the two activities are very different. Generally we care about properties of a program besides its type, but the same is not true about proofs. Any proof of a theorem will do just as well. As a result, automated proof search is conceptually simpler than automated programming. |
25 | 25 |
26 The paradigm of %\index{logic programming}%logic programming%~\cite{LogicProgramming}%, as embodied in languages like %\index{Prolog}%Prolog%~\cite{Prolog}%, is a good match for proof search in higher-order logic. This chapter introduces the details, attempting to avoid any dependence on past logic programming experience. *) | 26 The paradigm of %\index{logic programming}%logic programming%~\cite{LogicProgramming}%, as embodied in languages like %\index{Prolog}%Prolog%~\cite{Prolog}%, is a good match for proof search in higher-order logic. This chapter introduces the details, attempting to avoid any dependence on past logic programming experience. *) |
27 | 27 |
28 | 28 |
29 (** * Introducing Logic Programming *) | 29 (** * Introducing Logic Programming *) |
73 Example four_plus_three : 4 + 3 = 7. | 73 Example four_plus_three : 4 + 3 = 7. |
74 (* begin thide *) | 74 (* begin thide *) |
75 reflexivity. | 75 reflexivity. |
76 Qed. | 76 Qed. |
77 (* end thide *) | 77 (* end thide *) |
78 | |
79 (* begin hide *) | |
80 Definition er := @eq_refl. | |
81 (* end hide *) | |
78 | 82 |
79 Print four_plus_three. | 83 Print four_plus_three. |
80 (** %\vspace{-.15in}%[[ | 84 (** %\vspace{-.15in}%[[ |
81 four_plus_three = eq_refl | 85 four_plus_three = eq_refl |
82 ]] | 86 ]] |
503 Abort. | 507 Abort. |
504 (* end thide *) | 508 (* end thide *) |
505 | 509 |
506 (** We see that the two unification variables stand for the two elements of the list. Indeed, list length is independent of data values. Paradoxically, we can make the proof search process easier by constraining the list further, so that proof search naturally locates appropriate data elements by unification. The library predicate [Forall] will be helpful. *) | 510 (** We see that the two unification variables stand for the two elements of the list. Indeed, list length is independent of data values. Paradoxically, we can make the proof search process easier by constraining the list further, so that proof search naturally locates appropriate data elements by unification. The library predicate [Forall] will be helpful. *) |
507 | 511 |
512 (* begin hide *) | |
513 Definition Forall_c := (@Forall_nil, @Forall_cons). | |
514 (* end hide *) | |
515 | |
508 Print Forall. | 516 Print Forall. |
509 (** %\vspace{-.15in}%[[ | 517 (** %\vspace{-.15in}%[[ |
510 Inductive Forall (A : Type) (P : A -> Prop) : list A -> Prop := | 518 Inductive Forall (A : Type) (P : A -> Prop) : list A -> Prop := |
511 Forall_nil : Forall P nil | 519 Forall_nil : Forall P nil |
512 | Forall_cons : forall (x : A) (l : list A), | 520 | Forall_cons : forall (x : A) (l : list A), |
520 eauto 9. | 528 eauto 9. |
521 Qed. | 529 Qed. |
522 (* end thide *) | 530 (* end thide *) |
523 | 531 |
524 (** We can see which list [eauto] found by printing the proof term. *) | 532 (** We can see which list [eauto] found by printing the proof term. *) |
533 | |
534 (* begin hide *) | |
535 Definition conj' := (conj, le_n). | |
536 (* end hide *) | |
525 | 537 |
526 Print length_is_2. | 538 Print length_is_2. |
527 (** %\vspace{-.15in}%[[ | 539 (** %\vspace{-.15in}%[[ |
528 length_is_2 = | 540 length_is_2 = |
529 ex_intro | 541 ex_intro |
659 (* begin thide *) | 671 (* begin thide *) |
660 eauto. | 672 eauto. |
661 Qed. | 673 Qed. |
662 (* end thide *) | 674 (* end thide *) |
663 | 675 |
676 (* begin hide *) | |
677 Definition e1s := eval1'_subproof. | |
678 (* end hide *) | |
679 | |
664 Print eval1'. | 680 Print eval1'. |
665 (** %\vspace{-.15in}%[[ | 681 (** %\vspace{-.15in}%[[ |
666 eval1' = | 682 eval1' = |
667 fun var : nat => | 683 fun var : nat => |
668 EvalPlus' (EvalVar var) (EvalPlus (EvalConst var 8) (EvalVar var)) | 684 EvalPlus' (EvalVar var) (EvalPlus (EvalConst var 8) (EvalVar var)) |
779 (** By printing the proof term, it is possible to see the procedure that is used to choose the constants for each input term. *) | 795 (** By printing the proof term, it is possible to see the procedure that is used to choose the constants for each input term. *) |
780 | 796 |
781 | 797 |
782 (** * More on [auto] Hints *) | 798 (** * More on [auto] Hints *) |
783 | 799 |
784 (** Let us stop at this point and take stock of the possibilities for [auto] and [eauto] hints. Hints are contained within _hint databases_, which we have seen extended in many examples so far. When no hint database is specified, a default database is used. Hints in the default database are always used by [auto] or [eauto]. The chance to extend hint databases imperatively is important, because, in Ltac programming, we cannot create %``%#"#global variables#"#%''% whose values can be extended seamlessly by different modules in different source files. We have seen the advantages of hints so far, where [crush] can be defined once and for all, while still automatically applying the hints we add throughout developments. In fact, [crush] is defined in terms of [auto], which explains how we achieve this extensibility. Other user-defined tactics can take similar advantage of [auto] and [eauto]. | 800 (** Let us stop at this point and take stock of the possibilities for [auto] and [eauto] hints. Hints are contained within _hint databases_, which we have seen extended in many examples so far. When no hint database is specified, a default database is used. Hints in the default database are always used by [auto] or [eauto]. The chance to extend hint databases imperatively is important, because, in Ltac programming, we cannot create "global variables" whose values can be extended seamlessly by different modules in different source files. We have seen the advantages of hints so far, where [crush] can be defined once and for all, while still automatically applying the hints we add throughout developments. In fact, [crush] is defined in terms of [auto], which explains how we achieve this extensibility. Other user-defined tactics can take similar advantage of [auto] and [eauto]. |
785 | 801 |
786 The basic hints for [auto] and [eauto] are %\index{Vernacular commands!Hint Immediate}%[Hint Immediate lemma], asking to try solving a goal immediately by applying a lemma and discharging any hypotheses with a single proof step each; %\index{Vernacular commands!Hint Resolve}%[Resolve lemma], which does the same but may add new premises that are themselves to be subjects of nested proof search; %\index{Vernacular commands!Hint Constructors}%[Constructors type], which acts like [Resolve] applied to every constructor of an inductive type; and %\index{Vernacular commands!Hint Unfold}%[Unfold ident], which tries unfolding [ident] when it appears at the head of a proof goal. Each of these [Hint] commands may be used with a suffix, as in [Hint Resolve lemma : my_db]. This adds the hint only to the specified database, so that it would only be used by, for instance, [auto with my_db]. An additional argument to [auto] specifies the maximum depth of proof trees to search in depth-first order, as in [auto 8] or [auto 8 with my_db]. The default depth is 5. | 802 The basic hints for [auto] and [eauto] are %\index{Vernacular commands!Hint Immediate}%[Hint Immediate lemma], asking to try solving a goal immediately by applying a lemma and discharging any hypotheses with a single proof step each; %\index{Vernacular commands!Hint Resolve}%[Resolve lemma], which does the same but may add new premises that are themselves to be subjects of nested proof search; %\index{Vernacular commands!Hint Constructors}%[Constructors type], which acts like [Resolve] applied to every constructor of an inductive type; and %\index{Vernacular commands!Hint Unfold}%[Unfold ident], which tries unfolding [ident] when it appears at the head of a proof goal. Each of these [Hint] commands may be used with a suffix, as in [Hint Resolve lemma : my_db]. This adds the hint only to the specified database, so that it would only be used by, for instance, [auto with my_db]. An additional argument to [auto] specifies the maximum depth of proof trees to search in depth-first order, as in [auto 8] or [auto 8 with my_db]. The default depth is 5. |
787 | 803 |
788 All of these [Hint] commands can be issued alternatively with a more primitive hint kind, [Extern]. A few more examples of [Hint Extern] should illustrate more of the possibilities. *) | 804 All of these [Hint] commands can be issued alternatively with a more primitive hint kind, [Extern]. A few more examples of [Hint Extern] should illustrate more of the possibilities. *) |
789 | 805 |
792 auto. | 808 auto. |
793 | 809 |
794 (** A call to [crush] would have discharged this goal, but the default hint database for [auto] contains no hint that applies. *) | 810 (** A call to [crush] would have discharged this goal, but the default hint database for [auto] contains no hint that applies. *) |
795 | 811 |
796 Abort. | 812 Abort. |
813 | |
814 (* begin hide *) | |
815 Definition boool := bool. | |
816 (* end hide *) | |
797 | 817 |
798 (** It is hard to come up with a [bool]-specific hint that is not just a restatement of the theorem we mean to prove. Luckily, a simpler form suffices, by appealing to the built-in tactic %\index{tactics!congruence}%[congruence], a complete procedure for the theory of equality, uninterpreted functions, and datatype constructors. *) | 818 (** It is hard to come up with a [bool]-specific hint that is not just a restatement of the theorem we mean to prove. Luckily, a simpler form suffices, by appealing to the built-in tactic %\index{tactics!congruence}%[congruence], a complete procedure for the theory of equality, uninterpreted functions, and datatype constructors. *) |
799 | 819 |
800 Hint Extern 1 (_ <> _) => congruence. | 820 Hint Extern 1 (_ <> _) => congruence. |
801 | 821 |
829 | 849 |
830 (** We see that an [Extern] pattern may bind unification variables that we use in the associated tactic. The function [proj1] is from the standard library, for extracting a proof of [R] from a proof of [R /\ S]. *) | 850 (** We see that an [Extern] pattern may bind unification variables that we use in the associated tactic. The function [proj1] is from the standard library, for extracting a proof of [R] from a proof of [R /\ S]. *) |
831 | 851 |
832 End forall_and. | 852 End forall_and. |
833 | 853 |
854 (* begin hide *) | |
855 Definition noot := (not, @eq). | |
856 (* end hide *) | |
857 | |
834 (** After our success on this example, we might get more ambitious and seek to generalize the hint to all possible predicates [P]. | 858 (** After our success on this example, we might get more ambitious and seek to generalize the hint to all possible predicates [P]. |
835 [[ | 859 [[ |
836 Hint Extern 1 (?P ?X) => | 860 Hint Extern 1 (?P ?X) => |
837 match goal with | 861 match goal with |
838 | [ H : forall x, P x /\ _ |- _ ] => apply (proj1 (H X)) | 862 | [ H : forall x, P x /\ _ |- _ ] => apply (proj1 (H X)) |
839 end. | 863 end. |
840 ]] | 864 ]] |
841 << | 865 << |
842 User error: Bound head variable | 866 User error: Bound head variable |
843 >> | 867 >> |
844 | 868 |
870 | 894 |
871 Lemma f_f_f : forall x, f (f (f x)) = f x. | 895 Lemma f_f_f : forall x, f (f (f x)) = f x. |
872 intros; autorewrite with core; reflexivity. | 896 intros; autorewrite with core; reflexivity. |
873 Qed. | 897 Qed. |
874 | 898 |
875 (** There are a few ways in which [autorewrite] can lead to trouble when insufficient care is taken in choosing hints. First, the set of hints may define a nonterminating rewrite system, in which case invocations to [autorewrite] may not terminate. Second, we may add hints that %``%#"#lead [autorewrite] down the wrong path.#"#%''% For instance: *) | 899 (** There are a few ways in which [autorewrite] can lead to trouble when insufficient care is taken in choosing hints. First, the set of hints may define a nonterminating rewrite system, in which case invocations to [autorewrite] may not terminate. Second, we may add hints that "lead [autorewrite] down the wrong path." For instance: *) |
876 | 900 |
877 Section garden_path. | 901 Section garden_path. |
878 Variable g : A -> A. | 902 Variable g : A -> A. |
879 Hypothesis f_g : forall x, f x = g x. | 903 Hypothesis f_g : forall x, f x = g x. |
880 Hint Rewrite f_g. | 904 Hint Rewrite f_g. |
887 ]] | 911 ]] |
888 *) | 912 *) |
889 | 913 |
890 Abort. | 914 Abort. |
891 | 915 |
892 (** Our new hint was used to rewrite the goal into a form where the old hint could no longer be applied. This %``%#"#non-monotonicity#"#%''% of rewrite hints contrasts with the situation for [auto], where new hints may slow down proof search but can never %``%#"#break#"#%''% old proofs. The key difference is that [auto] either solves a goal or makes no changes to it, while [autorewrite] may change goals without solving them. The situation for [eauto] is slightly more complicated, as changes to hint databases may change the proof found for a particular goal, and that proof may influence the settings of unification variables that appear elsewhere in the proof state. *) | 916 (** Our new hint was used to rewrite the goal into a form where the old hint could no longer be applied. This "non-monotonicity" of rewrite hints contrasts with the situation for [auto], where new hints may slow down proof search but can never "break" old proofs. The key difference is that [auto] either solves a goal or makes no changes to it, while [autorewrite] may change goals without solving them. The situation for [eauto] is slightly more complicated, as changes to hint databases may change the proof found for a particular goal, and that proof may influence the settings of unification variables that appear elsewhere in the proof state. *) |
893 | 917 |
894 Reset garden_path. | 918 Reset garden_path. |
895 | 919 |
896 (** The [autorewrite] tactic also works with quantified equalities that include additional premises, but we must be careful to avoid similar incorrect rewritings. *) | 920 (** The [autorewrite] tactic also works with quantified equalities that include additional premises, but we must be careful to avoid similar incorrect rewritings. *) |
897 | 921 |