Mercurial > cpdt > repo

comparison src/Equality.v @ 437:8077352044b2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
A pass over all formatting, after big pile of coqdoc changes
author Adam Chlipala <adam@chlipala.net>
date Fri, 27 Jul 2012 16:47:28 -0400
parents 5d5e44f905c7
children 0d66f1a710b8
comparison
equal deleted inserted replaced
436:5d5e44f905c7 437:8077352044b2
152 | n1 :: ls1' , n2 :: ls2' => n1 + n2 :: addLists' ls1' ls2' 152 | n1 :: ls1' , n2 :: ls2' => n1 + n2 :: addLists' ls1' ls2'
153 | _, _ => nil 153 | _, _ => nil
154 end. 154 end.
155 155
156 (* begin hide *) 156 (* begin hide *)
157 Definition foo := @eq. 157 (* begin thide *)
158 Definition foo := (@eq, plus).
159 (* end thide *)
158 (* end hide *) 160 (* end hide *)
159 161
160 Eval compute in fun ls => addLists' ls nil. 162 Eval compute in fun ls => addLists' ls nil.
161 (** %\vspace{-.15in}%[[ 163 (** %\vspace{-.15in}%[[
162 = fun ls : list nat => match ls with 164 = fun ls : list nat => match ls with
212 End fhlist. 214 End fhlist.
213 215
214 Implicit Arguments fhget [A B elm ls]. 216 Implicit Arguments fhget [A B elm ls].
215 217
216 (* begin hide *) 218 (* begin hide *)
219 (* begin thide *)
217 Definition map := O. 220 Definition map := O.
221 (* end thide *)
218 (* end hide *) 222 (* end hide *)
219 223
220 (** We can define a [map]-like function for [fhlist]s. *) 224 (** We can define a [map]-like function for [fhlist]s. *)
221 225
222 Section fhlist_map. 226 Section fhlist_map.
231 end. 235 end.
232 236
233 Implicit Arguments fhmap [ls]. 237 Implicit Arguments fhmap [ls].
234 238
235 (* begin hide *) 239 (* begin hide *)
240 (* begin thide *)
236 Definition ilist := O. 241 Definition ilist := O.
237 Definition get := O. 242 Definition get := O.
238 Definition imap := O. 243 Definition imap := O.
244 (* end thide *)
239 (* end hide *) 245 (* end hide *)
240 246
241 (** For the inductive versions of the [ilist] definitions, we proved a lemma about the interaction of [get] and [imap]. It was a strategic choice not to attempt such a proof for the definitions that we just gave, because that sets us on a collision course with the problems that are the subject of this chapter. *) 247 (** For the inductive versions of the [ilist] definitions, we proved a lemma about the interaction of [get] and [imap]. It was a strategic choice not to attempt such a proof for the definitions that we just gave, because that sets us on a collision course with the problems that are the subject of this chapter. *)
242 248
243 Variable elm : A. 249 Variable elm : A.
367 (* end thide *) 373 (* end thide *)
368 374
369 (** We can try to prove a lemma that would simplify proofs of many facts like [lemma2]: *) 375 (** We can try to prove a lemma that would simplify proofs of many facts like [lemma2]: *)
370 376
371 (* begin hide *) 377 (* begin hide *)
378 (* begin thide *)
372 Definition lemma3' := O. 379 Definition lemma3' := O.
380 (* end thide *)
373 (* end hide *) 381 (* end hide *)
374 382
375 Lemma lemma3 : forall (x : A) (pf : x = x), pf = eq_refl x. 383 Lemma lemma3 : forall (x : A) (pf : x = x), pf = eq_refl x.
376 (* begin thide *) 384 (* begin thide *)
377 (** %\vspace{-.25in}%[[ 385 (** %\vspace{-.25in}%[[
426 ]] 434 ]]
427 435
428 The axiom %\index{Gallina terms!eq\_rect\_eq}%[eq_rect_eq] states a "fact" that seems like common sense, once the notation is deciphered. The term [eq_rect] is the automatically generated recursion principle for [eq]. Calling [eq_rect] is another way of [match]ing on an equality proof. The proof we match on is the argument [h], and [x] is the body of the [match]. The statement of [eq_rect_eq] just says that [match]es on proofs of [p = p], for any [p], are superfluous and may be removed. We can see this intuition better in code by asking Coq to simplify the theorem statement with the [compute] reduction strategy (which, by the way, applies all applicable rules of the definitional equality presented in this chapter's first section). *) 436 The axiom %\index{Gallina terms!eq\_rect\_eq}%[eq_rect_eq] states a "fact" that seems like common sense, once the notation is deciphered. The term [eq_rect] is the automatically generated recursion principle for [eq]. Calling [eq_rect] is another way of [match]ing on an equality proof. The proof we match on is the argument [h], and [x] is the body of the [match]. The statement of [eq_rect_eq] just says that [match]es on proofs of [p = p], for any [p], are superfluous and may be removed. We can see this intuition better in code by asking Coq to simplify the theorem statement with the [compute] reduction strategy (which, by the way, applies all applicable rules of the definitional equality presented in this chapter's first section). *)
429 437
430 (* begin hide *) 438 (* begin hide *)
439 (* begin thide *)
431 Definition False' := False. 440 Definition False' := False.
441 (* end thide *)
432 (* end hide *) 442 (* end hide *)
433 443
434 Eval compute in (forall (U : Type) (p : U) (Q : U -> Type) (x : Q p) (h : p = p), 444 Eval compute in (forall (U : Type) (p : U) (Q : U -> Type) (x : Q p) (h : p = p),
435 x = eq_rect p Q x p h). 445 x = eq_rect p Q x p h).
436 (** %\vspace{-.15in}%[[ 446 (** %\vspace{-.15in}%[[
443 Perhaps surprisingly, we cannot prove [eq_rect_eq] from within Coq. This proposition is introduced as an %\index{axioms}%axiom; that is, a proposition asserted as true without proof. We cannot assert just any statement without proof. Adding [False] as an axiom would allow us to prove any proposition, for instance, defeating the point of using a proof assistant. In general, we need to be sure that we never assert _inconsistent_ sets of axioms. A set of axioms is inconsistent if its conjunction implies [False]. For the case of [eq_rect_eq], consistency has been verified outside of Coq via "informal" metatheory%~\cite{AxiomK}%, in a study that also established unprovability of the axiom in CIC. 453 Perhaps surprisingly, we cannot prove [eq_rect_eq] from within Coq. This proposition is introduced as an %\index{axioms}%axiom; that is, a proposition asserted as true without proof. We cannot assert just any statement without proof. Adding [False] as an axiom would allow us to prove any proposition, for instance, defeating the point of using a proof assistant. In general, we need to be sure that we never assert _inconsistent_ sets of axioms. A set of axioms is inconsistent if its conjunction implies [False]. For the case of [eq_rect_eq], consistency has been verified outside of Coq via "informal" metatheory%~\cite{AxiomK}%, in a study that also established unprovability of the axiom in CIC.
444 454
445 This axiom is equivalent to another that is more commonly known and mentioned in type theory circles. *) 455 This axiom is equivalent to another that is more commonly known and mentioned in type theory circles. *)
446 456
447 (* begin hide *) 457 (* begin hide *)
448 Definition Streicher_K' := (Streicher_K, UIP_refl__Streicher_K). 458 (* begin thide *)
459 Definition Streicher_K' := UIP_refl__Streicher_K.
460 (* end thide *)
449 (* end hide *) 461 (* end hide *)
450 462
451 Print Streicher_K. 463 Print Streicher_K.
452 (* end thide *) 464 (* end thide *)
453 (** %\vspace{-.15in}% [[ 465 (** %\vspace{-.15in}% [[
460 This is the unfortunately named %\index{axiom K}%"Streicher's axiom K," which says that a predicate on properly typed equality proofs holds of all such proofs if it holds of reflexivity. *) 472 This is the unfortunately named %\index{axiom K}%"Streicher's axiom K," which says that a predicate on properly typed equality proofs holds of all such proofs if it holds of reflexivity. *)
461 473
462 End fhlist_map. 474 End fhlist_map.
463 475
464 (* begin hide *) 476 (* begin hide *)
477 (* begin thide *)
465 Require Eqdep_dec. 478 Require Eqdep_dec.
479 (* end thide *)
466 (* end hide *) 480 (* end hide *)
467 481
468 (** It is worth remarking that it is possible to avoid axioms altogether for equalities on types with decidable equality. The [Eqdep_dec] module of the standard library contains a parametric proof of [UIP_refl] for such cases. To simplify presentation, we will stick with the axiom version in the rest of this chapter. *) 482 (** It is worth remarking that it is possible to avoid axioms altogether for equalities on types with decidable equality. The [Eqdep_dec] module of the standard library contains a parametric proof of [UIP_refl] for such cases. To simplify presentation, we will stick with the axiom version in the rest of this chapter. *)
469 483
470 484