diff options
Diffstat (limited to 'doc/refman')
| -rw-r--r-- | doc/refman/CanonicalStructures.tex | 383 | ||||
| -rw-r--r-- | doc/refman/Cases.tex | 843 | ||||
| -rw-r--r-- | doc/refman/Classes.tex | 27 | ||||
| -rw-r--r-- | doc/refman/Coercion.tex | 8 | ||||
| -rw-r--r-- | doc/refman/Micromega.tex | 256 | ||||
| -rw-r--r-- | doc/refman/Omega.tex | 249 | ||||
| -rw-r--r-- | doc/refman/RefMan-cic.tex | 1881 | ||||
| -rw-r--r-- | doc/refman/RefMan-com.tex | 388 | ||||
| -rw-r--r-- | doc/refman/RefMan-ext.tex | 2152 | ||||
| -rw-r--r-- | doc/refman/RefMan-ide.tex | 312 | ||||
| -rw-r--r-- | doc/refman/RefMan-int.tex | 143 | ||||
| -rw-r--r-- | doc/refman/RefMan-lib.tex | 1111 | ||||
| -rw-r--r-- | doc/refman/RefMan-ltac.tex | 28 | ||||
| -rw-r--r-- | doc/refman/RefMan-mod.tex | 428 | ||||
| -rw-r--r-- | doc/refman/RefMan-modr.tex | 564 | ||||
| -rw-r--r-- | doc/refman/RefMan-oth.tex | 5 | ||||
| -rw-r--r-- | doc/refman/RefMan-pre.tex | 1351 | ||||
| -rw-r--r-- | doc/refman/RefMan-pro.tex | 8 | ||||
| -rw-r--r-- | doc/refman/RefMan-sch.tex | 446 | ||||
| -rw-r--r-- | doc/refman/RefMan-ssr.tex | 4933 | ||||
| -rw-r--r-- | doc/refman/RefMan-syn.tex | 1251 | ||||
| -rw-r--r-- | doc/refman/RefMan-tac.tex | 5420 | ||||
| -rw-r--r-- | doc/refman/RefMan-tacex.tex | 930 | ||||
| -rw-r--r-- | doc/refman/Reference-Manual.tex | 17 | ||||
| -rw-r--r-- | doc/refman/Universes.tex | 14 |
25 files changed, 47 insertions, 23101 deletions
diff --git a/doc/refman/CanonicalStructures.tex b/doc/refman/CanonicalStructures.tex deleted file mode 100644 index 8961b00964..0000000000 --- a/doc/refman/CanonicalStructures.tex +++ /dev/null @@ -1,383 +0,0 @@ -\achapter{Canonical Structures} -%HEVEA\cutname{canonical-structures.html} -\aauthor{Assia Mahboubi and Enrico Tassi} - -\label{CS-full} -\index{Canonical Structures!presentation} - -\noindent This chapter explains the basics of Canonical Structure and how they can be used -to overload notations and build a hierarchy of algebraic structures. -The examples are taken from~\cite{CSwcu}. We invite the interested reader -to refer to this paper for all the details that are omitted here for brevity. -The interested reader shall also find in~\cite{CSlessadhoc} a detailed -description of another, complementary, use of Canonical Structures: -advanced proof search. This latter papers also presents many techniques one -can employ to tune the inference of Canonical Structures. - -\section{Notation overloading} - -We build an infix notation $==$ for a comparison predicate. Such notation -will be overloaded, and its meaning will depend on the types of the terms -that are compared. - -\begin{coq_eval} -Require Import Arith. -\end{coq_eval} - -\begin{coq_example} -Module EQ. - Record class (T : Type) := Class { cmp : T -> T -> Prop }. - Structure type := Pack { obj : Type; class_of : class obj }. - Definition op (e : type) : obj e -> obj e -> Prop := - let 'Pack _ (Class _ the_cmp) := e in the_cmp. - Check op. - Arguments op {e} x y : simpl never. - Arguments Class {T} cmp. - Module theory. - Notation "x == y" := (op x y) (at level 70). - End theory. -End EQ. -\end{coq_example} - -We use Coq modules as name spaces. This allows us to follow the same pattern -and naming convention for the rest of the chapter. The base name space -contains the definitions of the algebraic structure. To keep the example -small, the algebraic structure \texttt{EQ.type} we are defining is very simplistic, -and characterizes terms on which a binary relation is defined, without -requiring such relation to validate any property. -The inner \texttt{theory} module contains the overloaded notation \texttt{==} and -will eventually contain lemmas holding on all the instances of the -algebraic structure (in this case there are no lemmas). - -Note that in practice the user may want to declare \texttt{EQ.obj} as a coercion, -but we will not do that here. - -The following line tests that, when we assume a type \texttt{e} that is in the -\texttt{EQ} class, then we can relates two of its objects with \texttt{==}. - -\begin{coq_example} -Import EQ.theory. -Check forall (e : EQ.type) (a b : EQ.obj e), a == b. -\end{coq_example} - -Still, no concrete type is in the \texttt{EQ} class. We amend that by equipping \texttt{nat} -with a comparison relation. - -\begin{coq_example} -Fail Check 3 == 3. -Definition nat_eq (x y : nat) := nat_compare x y = Eq. -Definition nat_EQcl : EQ.class nat := EQ.Class nat_eq. -Canonical Structure nat_EQty : EQ.type := EQ.Pack nat nat_EQcl. -Check 3 == 3. -Eval compute in 3 == 4. -\end{coq_example} - -This last test shows that Coq is now not only able to typecheck \texttt{3==3}, but -also that the infix relation was bound to the \texttt{nat\_eq} relation. This -relation is selected whenever \texttt{==} is used on terms of type \texttt{nat}. This -can be read in the line declaring the canonical structure \texttt{nat\_EQty}, -where the first argument to \texttt{Pack} is the key and its second argument -a group of canonical values associated to the key. In this case we associate -to \texttt{nat} only one canonical value (since its class, \texttt{nat\_EQcl} has just one -member). The use of the projection \texttt{op} requires its argument to be in -the class \texttt{EQ}, and uses such a member (function) to actually compare -its arguments. - -Similarly, we could equip any other type with a comparison relation, and -use the \texttt{==} notation on terms of this type. - -\subsection{Derived Canonical Structures} - -We know how to use \texttt{==} on base types, like \texttt{nat}, \texttt{bool}, \texttt{Z}. -Here we show how to deal with type constructors, i.e. how to make the -following example work: - -\begin{coq_example} -Fail Check forall (e : EQ.type) (a b : EQ.obj e), (a,b) == (a,b). -\end{coq_example} - -The error message is telling that Coq has no idea on how to compare -pairs of objects. The following construction is telling Coq exactly how to do -that. - -\begin{coq_example} -Definition pair_eq (e1 e2 : EQ.type) (x y : EQ.obj e1 * EQ.obj e2) := - fst x == fst y /\ snd x == snd y. -Definition pair_EQcl e1 e2 := EQ.Class (pair_eq e1 e2). -Canonical Structure pair_EQty (e1 e2 : EQ.type) : EQ.type := - EQ.Pack (EQ.obj e1 * EQ.obj e2) (pair_EQcl e1 e2). -Check forall (e : EQ.type) (a b : EQ.obj e), (a,b) == (a,b). -Check forall n m : nat, (3,4) == (n,m). -\end{coq_example} - -Thanks to the \texttt{pair\_EQty} declaration, Coq is able to build a comparison -relation for pairs whenever it is able to build a comparison relation -for each component of the pair. The declaration associates to the key -\texttt{*} (the type constructor of pairs) the canonical comparison relation -\texttt{pair\_eq} whenever the type constructor \texttt{*} is applied to two types -being themselves in the \texttt{EQ} class. - -\section{Hierarchy of structures} - -To get to an interesting example we need another base class to be available. -We choose the class of types that are equipped with an order relation, -to which we associate the infix \texttt{<=} notation. - -\begin{coq_example} -Module LE. - Record class T := Class { cmp : T -> T -> Prop }. - Structure type := Pack { obj : Type; class_of : class obj }. - Definition op (e : type) : obj e -> obj e -> Prop := - let 'Pack _ (Class _ f) := e in f. - Arguments op {_} x y : simpl never. - Arguments Class {T} cmp. - Module theory. - Notation "x <= y" := (op x y) (at level 70). - End theory. -End LE. -\end{coq_example} - -As before we register a canonical \texttt{LE} class for \texttt{nat}. - -\begin{coq_example} -Import LE.theory. -Definition nat_le x y := nat_compare x y <> Gt. -Definition nat_LEcl : LE.class nat := LE.Class nat_le. -Canonical Structure nat_LEty : LE.type := LE.Pack nat nat_LEcl. -\end{coq_example} - -And we enable Coq to relate pair of terms with \texttt{<=}. - -\begin{coq_example} -Definition pair_le e1 e2 (x y : LE.obj e1 * LE.obj e2) := - fst x <= fst y /\ snd x <= snd y. -Definition pair_LEcl e1 e2 := LE.Class (pair_le e1 e2). -Canonical Structure pair_LEty (e1 e2 : LE.type) : LE.type := - LE.Pack (LE.obj e1 * LE.obj e2) (pair_LEcl e1 e2). -Check (3,4,5) <= (3,4,5). -\end{coq_example} - -At the current stage we can use \texttt{==} and \texttt{<=} on concrete types, -like tuples of natural numbers, but we can't develop an algebraic -theory over the types that are equipped with both relations. - -\begin{coq_example} -Check 2 <= 3 /\ 2 == 2. -Fail Check forall (e : EQ.type) (x y : EQ.obj e), x <= y -> y <= x -> x == y. -Fail Check forall (e : LE.type) (x y : LE.obj e), x <= y -> y <= x -> x == y. -\end{coq_example} - -We need to define a new class that inherits from both \texttt{EQ} and \texttt{LE}. - -\begin{coq_example} -Module LEQ. - Record mixin (e : EQ.type) (le : EQ.obj e -> EQ.obj e -> Prop) := - Mixin { compat : forall x y : EQ.obj e, le x y /\ le y x <-> x == y }. - Record class T := Class { - EQ_class : EQ.class T; - LE_class : LE.class T; - extra : mixin (EQ.Pack T EQ_class) (LE.cmp T LE_class) }. - Structure type := _Pack { obj : Type; class_of : class obj }. - Arguments Mixin {e le} _. - Arguments Class {T} _ _ _. -\end{coq_example} - -The \texttt{mixin} component of the \texttt{LEQ} class contains all the extra content -we are adding to \texttt{EQ} and \texttt{LE}. In particular it contains the requirement -that the two relations we are combining are compatible. - -Unfortunately there is still an obstacle to developing the algebraic theory -of this new class. - -\begin{coq_example} - Module theory. - Fail Check forall (le : type) (n m : obj le), n <= m -> n <= m -> n == m. -\end{coq_example} - -The problem is that the two classes \texttt{LE} and \texttt{LEQ} are not yet related by -a subclass relation. In other words Coq does not see that an object -of the \texttt{LEQ} class is also an object of the \texttt{LE} class. - -The following two constructions tell Coq how to canonically build -the \texttt{LE.type} and \texttt{EQ.type} structure given an \texttt{LEQ.type} structure -on the same type. - -\begin{coq_example} - Definition to_EQ (e : type) : EQ.type := - EQ.Pack (obj e) (EQ_class _ (class_of e)). - Canonical Structure to_EQ. - Definition to_LE (e : type) : LE.type := - LE.Pack (obj e) (LE_class _ (class_of e)). - Canonical Structure to_LE. -\end{coq_example} -We can now formulate out first theorem on the objects of the \texttt{LEQ} structure. -\begin{coq_example} - Lemma lele_eq (e : type) (x y : obj e) : x <= y -> y <= x -> x == y. - now intros; apply (compat _ _ (extra _ (class_of e)) x y); split. Qed. - Arguments lele_eq {e} x y _ _. - End theory. -End LEQ. -Import LEQ.theory. -Check lele_eq. -\end{coq_example} - -Of course one would like to apply results proved in the algebraic -setting to any concrete instate of the algebraic structure. - -\begin{coq_example} -Example test_algebraic (n m : nat) : n <= m -> m <= n -> n == m. - Fail apply (lele_eq n m). Abort. -Example test_algebraic2 (l1 l2 : LEQ.type) (n m : LEQ.obj l1 * LEQ.obj l2) : - n <= m -> m <= n -> n == m. - Fail apply (lele_eq n m). Abort. -\end{coq_example} - -Again one has to tell Coq that the type \texttt{nat} is in the \texttt{LEQ} class, and how -the type constructor \texttt{*} interacts with the \texttt{LEQ} class. In the following -proofs are omitted for brevity. - -\begin{coq_example} -Lemma nat_LEQ_compat (n m : nat) : n <= m /\ m <= n <-> n == m. -\end{coq_example} -\begin{coq_eval} - -split. - unfold EQ.op; unfold LE.op; simpl; unfold nat_le; unfold nat_eq. - case (nat_compare_spec n m); [ reflexivity | | now intros _ [H _]; case H ]. - now intro H; apply nat_compare_gt in H; rewrite -> H; intros [_ K]; case K. -unfold EQ.op; unfold LE.op; simpl; unfold nat_le; unfold nat_eq. -case (nat_compare_spec n m); [ | intros H1 H2; discriminate H2 .. ]. -intro H; rewrite H; intros _; split; [ intro H1; discriminate H1 | ]. -case (nat_compare_eq_iff m m); intros _ H1. -now rewrite H1; auto; intro H2; discriminate H2. -Qed. -\end{coq_eval} -\begin{coq_example} -Definition nat_LEQmx := LEQ.Mixin nat_LEQ_compat. -Lemma pair_LEQ_compat (l1 l2 : LEQ.type) (n m : LEQ.obj l1 * LEQ.obj l2) : -n <= m /\ m <= n <-> n == m. -\end{coq_example} -\begin{coq_eval} - -case n; case m; unfold EQ.op; unfold LE.op; simpl. -intros n1 n2 m1 m2; split; [ intros [[Le1 Le2] [Ge1 Ge2]] | intros [H1 H2] ]. - now split; apply lele_eq. -case (LEQ.compat _ _ (LEQ.extra _ (LEQ.class_of l1)) m1 n1). -case (LEQ.compat _ _ (LEQ.extra _ (LEQ.class_of l2)) m2 n2). -intros _ H3 _ H4; apply H3 in H2; apply H4 in H1; clear H3 H4. -now case H1; case H2; split; split. -Qed. -\end{coq_eval} -\begin{coq_example} -Definition pair_LEQmx l1 l2 := LEQ.Mixin (pair_LEQ_compat l1 l2). -\end{coq_example} - -The following script registers an \texttt{LEQ} class for \texttt{nat} and for the -type constructor \texttt{*}. It also tests that they work as expected. - -Unfortunately, these declarations are very verbose. In the following -subsection we show how to make these declaration more compact. - -\begin{coq_example} -Module Add_instance_attempt. - Canonical Structure nat_LEQty : LEQ.type := - LEQ._Pack nat (LEQ.Class nat_EQcl nat_LEcl nat_LEQmx). - Canonical Structure pair_LEQty (l1 l2 : LEQ.type) : LEQ.type := - LEQ._Pack (LEQ.obj l1 * LEQ.obj l2) - (LEQ.Class - (EQ.class_of (pair_EQty (to_EQ l1) (to_EQ l2))) - (LE.class_of (pair_LEty (to_LE l1) (to_LE l2))) - (pair_LEQmx l1 l2)). - Example test_algebraic (n m : nat) : n <= m -> m <= n -> n == m. - now apply (lele_eq n m). Qed. - Example test_algebraic2 (n m : nat * nat) : n <= m -> m <= n -> n == m. - now apply (lele_eq n m). Qed. -End Add_instance_attempt. -\end{coq_example} - -Note that no direct proof of \texttt{n <= m -> m <= n -> n == m} is provided by the -user for \texttt{n} and \texttt{m} of type \texttt{nat * nat}. What the user provides is a proof of -this statement for \texttt{n} and \texttt{m} of type \texttt{nat} and a proof that the pair -constructor preserves this property. The combination of these two facts is a -simple form of proof search that Coq performs automatically while inferring -canonical structures. - -\subsection{Compact declaration of Canonical Structures} - -We need some infrastructure for that. - -\begin{coq_example*} -Require Import Strings.String. -\end{coq_example*} -\begin{coq_example} -Module infrastructure. - Inductive phantom {T : Type} (t : T) : Type := Phantom. - Definition unify {T1 T2} (t1 : T1) (t2 : T2) (s : option string) := - phantom t1 -> phantom t2. - Definition id {T} {t : T} (x : phantom t) := x. - Notation "[find v | t1 ~ t2 ] p" := (fun v (_ : unify t1 t2 None) => p) - (at level 50, v ident, only parsing). - Notation "[find v | t1 ~ t2 | s ] p" := (fun v (_ : unify t1 t2 (Some s)) => p) - (at level 50, v ident, only parsing). - Notation "'Error : t : s" := (unify _ t (Some s)) - (at level 50, format "''Error' : t : s"). - Open Scope string_scope. -End infrastructure. -\end{coq_example} - -To explain the notation \texttt{[find v | t1 \textasciitilde t2]} let us pick one -of its instances: \texttt{[find e | EQ.obj e \textasciitilde T | "is not an EQ.type" ]}. -It should be read as: ``find a class e such that its objects have type T -or fail with message "T is not an EQ.type"''. - -The other utilities are used to ask Coq to solve a specific unification -problem, that will in turn require the inference of some canonical -structures. They are explained in mode details in~\cite{CSwcu}. - -We now have all we need to create a compact ``packager'' to declare -instances of the \texttt{LEQ} class. - -\begin{coq_example} -Import infrastructure. -Definition packager T e0 le0 (m0 : LEQ.mixin e0 le0) := - [find e | EQ.obj e ~ T | "is not an EQ.type" ] - [find o | LE.obj o ~ T | "is not an LE.type" ] - [find ce | EQ.class_of e ~ ce ] - [find co | LE.class_of o ~ co ] - [find m | m ~ m0 | "is not the right mixin" ] - LEQ._Pack T (LEQ.Class ce co m). -Notation Pack T m := (packager T _ _ m _ id _ id _ id _ id _ id). -\end{coq_example} - -The object \texttt{Pack} takes a type \texttt{T} (the key) and a mixin \texttt{m}. It infers all -the other pieces of the class \texttt{LEQ} and declares them as canonical values -associated to the \texttt{T} key. All in all, the only new piece of information -we add in the \texttt{LEQ} class is the mixin, all the rest is already canonical -for \texttt{T} and hence can be inferred by Coq. - -\texttt{Pack} is a notation, hence it is not type checked at the time of its -declaration. It will be type checked when it is used, an in that case -\texttt{T} is going to be a concrete type. The odd arguments \texttt{\_} and \texttt{id} we -pass to the -packager represent respectively the classes to be inferred (like \texttt{e}, \texttt{o}, etc) and a token (\texttt{id}) to force their inference. Again, for all the details the -reader can refer to~\cite{CSwcu}. - -The declaration of canonical instances can now be way more compact: - -\begin{coq_example} -Canonical Structure nat_LEQty := Eval hnf in Pack nat nat_LEQmx. -Canonical Structure pair_LEQty (l1 l2 : LEQ.type) := - Eval hnf in Pack (LEQ.obj l1 * LEQ.obj l2) (pair_LEQmx l1 l2). -\end{coq_example} - -Error messages are also quite intelligible (if one skips to the end of -the message). - -\begin{coq_example} -Fail Canonical Structure err := Eval hnf in Pack bool nat_LEQmx. -\end{coq_example} - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/Cases.tex b/doc/refman/Cases.tex deleted file mode 100644 index 376ef031db..0000000000 --- a/doc/refman/Cases.tex +++ /dev/null @@ -1,843 +0,0 @@ -\achapter{Extended pattern-matching} -%HEVEA\cutname{cases.html} -%BEGIN LATEX -\defaultheaders -%END LATEX -\aauthor{Cristina Cornes and Hugo Herbelin} - -\label{Mult-match-full} -\ttindex{Cases} -\index{ML-like patterns} - -This section describes the full form of pattern-matching in {\Coq} terms. - -\asection{Patterns}\label{implementation} The full syntax of {\tt -match} is presented in Figures~\ref{term-syntax} -and~\ref{term-syntax-aux}. Identifiers in patterns are either -constructor names or variables. Any identifier that is not the -constructor of an inductive or co-inductive type is considered to be a -variable. A variable name cannot occur more than once in a given -pattern. It is recommended to start variable names by a lowercase -letter. - -If a pattern has the form $(c~\vec{x})$ where $c$ is a constructor -symbol and $\vec{x}$ is a linear vector of (distinct) variables, it is -called {\em simple}: it is the kind of pattern recognized by the basic -version of {\tt match}. On the opposite, if it is a variable $x$ or -has the form $(c~\vec{p})$ with $p$ not only made of variables, the -pattern is called {\em nested}. - -A variable pattern matches any value, and the identifier is bound to -that value. The pattern ``\texttt{\_}'' (called ``don't care'' or -``wildcard'' symbol) also matches any value, but does not bind -anything. It may occur an arbitrary number of times in a -pattern. Alias patterns written \texttt{(}{\sl pattern} \texttt{as} -{\sl identifier}\texttt{)} are also accepted. This pattern matches the -same values as {\sl pattern} does and {\sl identifier} is bound to the -matched value. -A pattern of the form {\pattern}{\tt |}{\pattern} is called -disjunctive. A list of patterns separated with commas is also -considered as a pattern and is called {\em multiple pattern}. However -multiple patterns can only occur at the root of pattern-matching -equations. Disjunctions of {\em multiple pattern} are allowed though. - -Since extended {\tt match} expressions are compiled into the primitive -ones, the expressiveness of the theory remains the same. Once the -stage of parsing has finished only simple patterns remain. Re-nesting -of pattern is performed at printing time. An easy way to see the -result of the expansion is to toggle off the nesting performed at -printing (use here {\tt Set Printing Matching}), then by printing the term -with \texttt{Print} if the term is a constant, or using the command -\texttt{Check}. - -The extended \texttt{match} still accepts an optional {\em elimination -predicate} given after the keyword \texttt{return}. Given a pattern -matching expression, if all the right-hand-sides of \texttt{=>} ({\em -rhs} in short) have the same type, then this type can be sometimes -synthesized, and so we can omit the \texttt{return} part. Otherwise -the predicate after \texttt{return} has to be provided, like for the basic -\texttt{match}. - -Let us illustrate through examples the different aspects of extended -pattern matching. Consider for example the function that computes the -maximum of two natural numbers. We can write it in primitive syntax -by: - -\begin{coq_example} -Fixpoint max (n m:nat) {struct m} : nat := - match n with - | O => m - | S n' => match m with - | O => S n' - | S m' => S (max n' m') - end - end. -\end{coq_example} - -\paragraph{Multiple patterns} - -Using multiple patterns in the definition of {\tt max} lets us write: - -\begin{coq_eval} -Reset max. -\end{coq_eval} -\begin{coq_example} -Fixpoint max (n m:nat) {struct m} : nat := - match n, m with - | O, _ => m - | S n', O => S n' - | S n', S m' => S (max n' m') - end. -\end{coq_example} - -which will be compiled into the previous form. - -The pattern-matching compilation strategy examines patterns from left -to right. A \texttt{match} expression is generated {\bf only} when -there is at least one constructor in the column of patterns. E.g. the -following example does not build a \texttt{match} expression. - -\begin{coq_example} -Check (fun x:nat => match x return nat with - | y => y - end). -\end{coq_example} - -\paragraph{Aliasing subpatterns} - -We can also use ``\texttt{as} {\ident}'' to associate a name to a -sub-pattern: - -\begin{coq_eval} -Reset max. -\end{coq_eval} -\begin{coq_example} -Fixpoint max (n m:nat) {struct n} : nat := - match n, m with - | O, _ => m - | S n' as p, O => p - | S n', S m' => S (max n' m') - end. -\end{coq_example} - -\paragraph{Nested patterns} - -Here is now an example of nested patterns: - -\begin{coq_example} -Fixpoint even (n:nat) : bool := - match n with - | O => true - | S O => false - | S (S n') => even n' - end. -\end{coq_example} - -This is compiled into: - -\begin{coq_example} -Unset Printing Matching. -Print even. -\end{coq_example} -\begin{coq_eval} -Set Printing Matching. -\end{coq_eval} - -In the previous examples patterns do not conflict with, but -sometimes it is comfortable to write patterns that admit a non -trivial superposition. Consider -the boolean function \texttt{lef} that given two natural numbers -yields \texttt{true} if the first one is less or equal than the second -one and \texttt{false} otherwise. We can write it as follows: - -\begin{coq_example} -Fixpoint lef (n m:nat) {struct m} : bool := - match n, m with - | O, x => true - | x, O => false - | S n, S m => lef n m - end. -\end{coq_example} - -Note that the first and the second multiple pattern superpose because -the couple of values \texttt{O O} matches both. Thus, what is the result -of the function on those values? To eliminate ambiguity we use the -{\em textual priority rule}: we consider patterns ordered from top to -bottom, then a value is matched by the pattern at the $ith$ row if and -only if it is not matched by some pattern of a previous row. Thus in the -example, -\texttt{O O} is matched by the first pattern, and so \texttt{(lef O O)} -yields \texttt{true}. - -Another way to write this function is: - -\begin{coq_eval} -Reset lef. -\end{coq_eval} -\begin{coq_example} -Fixpoint lef (n m:nat) {struct m} : bool := - match n, m with - | O, x => true - | S n, S m => lef n m - | _, _ => false - end. -\end{coq_example} - -Here the last pattern superposes with the first two. Because -of the priority rule, the last pattern -will be used only for values that do not match neither the first nor -the second one. - -Terms with useless patterns are not accepted by the -system. Here is an example: -% Test failure: "This clause is redundant." -\begin{coq_eval} -Set Printing Depth 50. -\end{coq_eval} -\begin{coq_example} -Fail Check (fun x:nat => - match x with - | O => true - | S _ => false - | x => true - end). -\end{coq_example} - -\paragraph{Disjunctive patterns} - -Multiple patterns that share the same right-hand-side can be -factorized using the notation \nelist{\multpattern}{\tt |}. For instance, -{\tt max} can be rewritten as follows: - -\begin{coq_eval} -Reset max. -\end{coq_eval} -\begin{coq_example} -Fixpoint max (n m:nat) {struct m} : nat := - match n, m with - | S n', S m' => S (max n' m') - | 0, p | p, 0 => p - end. -\end{coq_example} - -Similarly, factorization of (non necessary multiple) patterns -that share the same variables is possible by using the notation -\nelist{\pattern}{\tt |}. Here is an example: - -\begin{coq_example} -Definition filter_2_4 (n:nat) : nat := - match n with - | 2 as m | 4 as m => m - | _ => 0 - end. -\end{coq_example} - -Here is another example using disjunctive subpatterns. - -\begin{coq_example} -Definition filter_some_square_corners (p:nat*nat) : nat*nat := - match p with - | ((2 as m | 4 as m), (3 as n | 5 as n)) => (m,n) - | _ => (0,0) - end. -\end{coq_example} - -\asection{About patterns of parametric types} -\paragraph{Parameters in patterns} -When matching objects of a parametric type, parameters do not bind in patterns. -They must be substituted by ``\_''. -Consider for example the type of polymorphic lists: - -\begin{coq_example} -Inductive List (A:Set) : Set := - | nil : List A - | cons : A -> List A -> List A. -\end{coq_example} - -We can check the function {\em tail}: - -\begin{coq_example} -Check - (fun l:List nat => - match l with - | nil _ => nil nat - | cons _ _ l' => l' - end). -\end{coq_example} - - -When we use parameters in patterns there is an error message: -% Test failure: "The parameters do not bind in patterns." -\begin{coq_eval} -Set Printing Depth 50. -\end{coq_eval} -\begin{coq_example} -Fail Check - (fun l:List nat => - match l with - | nil A => nil nat - | cons A _ l' => l' - end). -\end{coq_example} - -The option {\tt Set Asymmetric Patterns} \optindex{Asymmetric Patterns} -(off by default) removes parameters from constructors in patterns: -\begin{coq_example} - Set Asymmetric Patterns. - Check (fun l:List nat => - match l with - | nil => nil - | cons _ l' => l' - end) - Unset Asymmetric Patterns. -\end{coq_example} - -\paragraph{Implicit arguments in patterns} -By default, implicit arguments are omitted in patterns. So we write: - -\begin{coq_example} -Arguments nil [A]. -Arguments cons [A] _ _. -Check - (fun l:List nat => - match l with - | nil => nil - | cons _ l' => l' - end). -\end{coq_example} - -But the possibility to use all the arguments is given by ``{\tt @}'' implicit -explicitations (as for terms~\ref{Implicits-explicitation}). - -\begin{coq_example} -Check - (fun l:List nat => - match l with - | @nil _ => @nil nat - | @cons _ _ l' => l' - end). -\end{coq_example} - -\asection{Matching objects of dependent types} -The previous examples illustrate pattern matching on objects of -non-dependent types, but we can also -use the expansion strategy to destructure objects of dependent type. -Consider the type \texttt{listn} of lists of a certain length: -\label{listn} - -\begin{coq_example} -Inductive listn : nat -> Set := - | niln : listn 0 - | consn : forall n:nat, nat -> listn n -> listn (S n). -\end{coq_example} - -\asubsection{Understanding dependencies in patterns} -We can define the function \texttt{length} over \texttt{listn} by: - -\begin{coq_example} -Definition length (n:nat) (l:listn n) := n. -\end{coq_example} - -Just for illustrating pattern matching, -we can define it by case analysis: - -\begin{coq_eval} -Reset length. -\end{coq_eval} -\begin{coq_example} -Definition length (n:nat) (l:listn n) := - match l with - | niln => 0 - | consn n _ _ => S n - end. -\end{coq_example} - -We can understand the meaning of this definition using the -same notions of usual pattern matching. - -% -% Constraining of dependencies is not longer valid in V7 -% -\iffalse -Now suppose we split the second pattern of \texttt{length} into two -cases so to give an -alternative definition using nested patterns: -\begin{coq_example} -Definition length1 (n:nat) (l:listn n) := - match l with - | niln => 0 - | consn n _ niln => S n - | consn n _ (consn _ _ _) => S n - end. -\end{coq_example} - -It is obvious that \texttt{length1} is another version of -\texttt{length}. We can also give the following definition: -\begin{coq_example} -Definition length2 (n:nat) (l:listn n) := - match l with - | niln => 0 - | consn n _ niln => 1 - | consn n _ (consn m _ _) => S (S m) - end. -\end{coq_example} - -If we forget that \texttt{listn} is a dependent type and we read these -definitions using the usual semantics of pattern matching, we can conclude -that \texttt{length1} -and \texttt{length2} are different functions. -In fact, they are equivalent -because the pattern \texttt{niln} implies that \texttt{n} can only match -the value $0$ and analogously the pattern \texttt{consn} determines that \texttt{n} can -only match values of the form $(S~v)$ where $v$ is the value matched by -\texttt{m}. - -The converse is also true. If -we destructure the length value with the pattern \texttt{O} then the list -value should be $niln$. -Thus, the following term \texttt{length3} corresponds to the function -\texttt{length} but this time defined by case analysis on the dependencies instead of on the list: - -\begin{coq_example} -Definition length3 (n:nat) (l:listn n) := - match l with - | niln => 0 - | consn O _ _ => 1 - | consn (S n) _ _ => S (S n) - end. -\end{coq_example} - -When we have nested patterns of dependent types, the semantics of -pattern matching becomes a little more difficult because -the set of values that are matched by a sub-pattern may be conditioned by the -values matched by another sub-pattern. Dependent nested patterns are -somehow constrained patterns. -In the examples, the expansion of -\texttt{length1} and \texttt{length2} yields exactly the same term - but the -expansion of \texttt{length3} is completely different. \texttt{length1} and -\texttt{length2} are expanded into two nested case analysis on -\texttt{listn} while \texttt{length3} is expanded into a case analysis on -\texttt{listn} containing a case analysis on natural numbers inside. - - -In practice the user can think about the patterns as independent and -it is the expansion algorithm that cares to relate them. \\ -\fi -% -% -% - -\asubsection{When the elimination predicate must be provided} -\paragraph{Dependent pattern matching} -The examples given so far do not need an explicit elimination predicate - because all the rhs have the same type and the -strategy succeeds to synthesize it. -Unfortunately when dealing with dependent patterns it often happens -that we need to write cases where the type of the rhs are -different instances of the elimination predicate. -The function \texttt{concat} for \texttt{listn} -is an example where the branches have different type -and we need to provide the elimination predicate: - -\begin{coq_example} -Fixpoint concat (n:nat) (l:listn n) (m:nat) (l':listn m) {struct l} : - listn (n + m) := - match l in listn n return listn (n + m) with - | niln => l' - | consn n' a y => consn (n' + m) a (concat n' y m l') - end. -\end{coq_example} -The elimination predicate is {\tt fun (n:nat) (l:listn n) => listn~(n+m)}. -In general if $m$ has type {\tt (}$I$ $q_1$ {\ldots} $q_r$ $t_1$ {\ldots} $t_s${\tt )} where -$q_1$, {\ldots}, $q_r$ are parameters, the elimination predicate should be of -the form~: -{\tt fun} $y_1$ {\ldots} $y_s$ $x${\tt :}($I$~$q_1$ {\ldots} $q_r$ $y_1$ {\ldots} - $y_s${\tt ) =>} $Q$. - -In the concrete syntax, it should be written~: -\[ \kw{match}~m~\kw{as}~x~\kw{in}~(I~\_~\mbox{\ldots}~\_~y_1~\mbox{\ldots}~y_s)~\kw{return}~Q~\kw{with}~\mbox{\ldots}~\kw{end}\] - -The variables which appear in the \kw{in} and \kw{as} clause are new -and bounded in the property $Q$ in the \kw{return} clause. The -parameters of the inductive definitions should not be mentioned and -are replaced by \kw{\_}. - -\paragraph{Multiple dependent pattern matching} -Recall that a list of patterns is also a pattern. So, when we destructure several -terms at the same time and the branches have different types we need to provide the -elimination predicate for this multiple pattern. It is done using the same -scheme, each term may be associated to an \kw{as} and \kw{in} clause in order to -introduce a dependent product. - -For example, an equivalent definition for \texttt{concat} (even though the -matching on the second term is trivial) would have been: - -\begin{coq_eval} -Reset concat. -\end{coq_eval} -\begin{coq_example} -Fixpoint concat (n:nat) (l:listn n) (m:nat) (l':listn m) {struct l} : - listn (n + m) := - match l in listn n, l' return listn (n + m) with - | niln, x => x - | consn n' a y, x => consn (n' + m) a (concat n' y m x) - end. -\end{coq_example} - -Even without real matching over the second term, this construction can be used to -keep types linked. If {\tt a} and {\tt b} are two {\tt listn} of the same length, -by writing -\begin{coq_eval} - Unset Printing Matching. -\end{coq_eval} -\begin{coq_example} -Check (fun n (a b: listn n) => match a,b with - |niln,b0 => tt - |consn n' a y, bS => tt -end). -\end{coq_example} -\begin{coq_eval} - Set Printing Matching. -\end{coq_eval} - -I have a copy of {\tt b} in type {\tt listn 0} resp {\tt listn (S n')}. - -% Notice that this time, the predicate \texttt{[n,\_:nat](listn (plus n -% m))} is binary because we -% destructure both \texttt{l} and \texttt{l'} whose types have arity one. -% In general, if we destructure the terms $e_1\ldots e_n$ -% the predicate will be of arity $m$ where $m$ is the sum of the -% number of dependencies of the type of $e_1, e_2,\ldots e_n$ -% (the $\lambda$-abstractions -% should correspond from left to right to each dependent argument of the -% type of $e_1\ldots e_n$). -% When the arity of the predicate (i.e. number of abstractions) is not -% correct Coq raises an error message. For example: - -% % Test failure -% \begin{coq_eval} -% Reset concat. -% Set Printing Depth 50. -% (********** The following is not correct and should produce ***********) -% (** Error: the term l' has type listn m while it is expected to have **) -% (** type listn (?31 + ?32) **) -% \end{coq_eval} -% \begin{coq_example} -% Fixpoint concat -% (n:nat) (l:listn n) (m:nat) -% (l':listn m) {struct l} : listn (n + m) := -% match l, l' with -% | niln, x => x -% | consn n' a y, x => consn (n' + m) a (concat n' y m x) -% end. -% \end{coq_example} - -\paragraph{Patterns in {\tt in}} -\label{match-in-patterns} - -If the type of the matched term is more precise than an inductive applied to -variables, arguments of the inductive in the {\tt in} branch can be more -complicated patterns than a variable. - -Moreover, constructors whose type do not follow the same pattern will -become impossible branches. In an impossible branch, you can answer -anything but {\tt False\_rect unit} has the advantage to be subterm of -anything. % ??? - -To be concrete: the {\tt tail} function can be written: -\begin{coq_example} -Definition tail n (v: listn (S n)) := - match v in listn (S m) return listn m with - | niln => False_rect unit - | consn n' a y => y - end. -\end{coq_example} -and {\tt tail n v} will be subterm of {\tt v}. - -\asection{Using pattern matching to write proofs} -In all the previous examples the elimination predicate does not depend -on the object(s) matched. But it may depend and the typical case -is when we write a proof by induction or a function that yields an -object of dependent type. An example of proof using \texttt{match} in -given in Section~\ref{refine-example}. - -For example, we can write -the function \texttt{buildlist} that given a natural number -$n$ builds a list of length $n$ containing zeros as follows: - -\begin{coq_example} -Fixpoint buildlist (n:nat) : listn n := - match n return listn n with - | O => niln - | S n => consn n 0 (buildlist n) - end. -\end{coq_example} - -We can also use multiple patterns. -Consider the following definition of the predicate less-equal -\texttt{Le}: - -\begin{coq_example} -Inductive LE : nat -> nat -> Prop := - | LEO : forall n:nat, LE 0 n - | LES : forall n m:nat, LE n m -> LE (S n) (S m). -\end{coq_example} - -We can use multiple patterns to write the proof of the lemma - \texttt{forall (n m:nat), (LE n m)}\verb=\/=\texttt{(LE m n)}: - -\begin{coq_example} -Fixpoint dec (n m:nat) {struct n} : LE n m \/ LE m n := - match n, m return LE n m \/ LE m n with - | O, x => or_introl (LE x 0) (LEO x) - | x, O => or_intror (LE x 0) (LEO x) - | S n as n', S m as m' => - match dec n m with - | or_introl h => or_introl (LE m' n') (LES n m h) - | or_intror h => or_intror (LE n' m') (LES m n h) - end - end. -\end{coq_example} -In the example of \texttt{dec}, -the first \texttt{match} is dependent while -the second is not. - -% In general, consider the terms $e_1\ldots e_n$, -% where the type of $e_i$ is an instance of a family type -% $\lb (\vec{d_i}:\vec{D_i}) \mto T_i$ ($1\leq i -% \leq n$). Then, in expression \texttt{match} $e_1,\ldots, -% e_n$ \texttt{of} \ldots \texttt{end}, the -% elimination predicate ${\cal P}$ should be of the form: -% $[\vec{d_1}:\vec{D_1}][x_1:T_1]\ldots [\vec{d_n}:\vec{D_n}][x_n:T_n]Q.$ - -The user can also use \texttt{match} in combination with the tactic -\texttt{refine} (see Section~\ref{refine}) to build incomplete proofs -beginning with a \texttt{match} construction. - -\asection{Pattern-matching on inductive objects involving local -definitions} - -If local definitions occur in the type of a constructor, then there are two ways -to match on this constructor. Either the local definitions are skipped and -matching is done only on the true arguments of the constructors, or the bindings -for local definitions can also be caught in the matching. - -Example. - -\begin{coq_eval} -Reset Initial. -Require Import Arith. -\end{coq_eval} - -\begin{coq_example*} -Inductive list : nat -> Set := - | nil : list 0 - | cons : forall n:nat, let m := (2 * n) in list m -> list (S (S m)). -\end{coq_example*} - -In the next example, the local definition is not caught. - -\begin{coq_example} -Fixpoint length n (l:list n) {struct l} : nat := - match l with - | nil => 0 - | cons n l0 => S (length (2 * n) l0) - end. -\end{coq_example} - -But in this example, it is. - -\begin{coq_example} -Fixpoint length' n (l:list n) {struct l} : nat := - match l with - | nil => 0 - | @cons _ m l0 => S (length' m l0) - end. -\end{coq_example} - -\Rem for a given matching clause, either none of the local definitions or all of -them can be caught. - -\Rem you can only catch {\tt let} bindings in mode where you bind all variables and so you -have to use @ syntax. - -\Rem this feature is incoherent with the fact that parameters cannot be caught and -consequently is somehow hidden. For example, there is no mention of it in error messages. - -\asection{Pattern-matching and coercions} - -If a mismatch occurs between the expected type of a pattern and its -actual type, a coercion made from constructors is sought. If such a -coercion can be found, it is automatically inserted around the -pattern. - -Example: - -\begin{coq_example} -Inductive I : Set := - | C1 : nat -> I - | C2 : I -> I. -Coercion C1 : nat >-> I. -Check (fun x => match x with - | C2 O => 0 - | _ => 0 - end). -\end{coq_example} - - -\asection{When does the expansion strategy fail ?}\label{limitations} -The strategy works very like in ML languages when treating -patterns of non-dependent type. -But there are new cases of failure that are due to the presence of -dependencies. - -The error messages of the current implementation may be sometimes -confusing. When the tactic fails because patterns are somehow -incorrect then error messages refer to the initial expression. But the -strategy may succeed to build an expression whose sub-expressions are -well typed when the whole expression is not. In this situation the -message makes reference to the expanded expression. We encourage -users, when they have patterns with the same outer constructor in -different equations, to name the variable patterns in the same -positions with the same name. -E.g. to write {\small\texttt{(cons n O x) => e1}} -and {\small\texttt{(cons n \_ x) => e2}} instead of -{\small\texttt{(cons n O x) => e1}} and -{\small\texttt{(cons n' \_ x') => e2}}. -This helps to maintain certain name correspondence between the -generated expression and the original. - -Here is a summary of the error messages corresponding to each situation: - -\begin{ErrMsgs} -\item \sverb{The constructor } {\sl - ident} \sverb{ expects } {\sl num} \sverb{ arguments} - - \sverb{The variable } {\sl ident} \sverb{ is bound several times - in pattern } {\sl term} - - \sverb{Found a constructor of inductive type } {\term} - \sverb{ while a constructor of } {\term} \sverb{ is expected} - - Patterns are incorrect (because constructors are not applied to - the correct number of the arguments, because they are not linear or - they are wrongly typed). - -\item \errindex{Non exhaustive pattern-matching} - -The pattern matching is not exhaustive. - -\item \sverb{The elimination predicate } {\sl term} \sverb{ should be - of arity } {\sl num} \sverb{ (for non dependent case) or } {\sl - num} \sverb{ (for dependent case)} - -The elimination predicate provided to \texttt{match} has not the - expected arity. - - -%\item the whole expression is wrongly typed - -% CADUC ? -% , or the synthesis of -% implicit arguments fails (for example to find the elimination -% predicate or to resolve implicit arguments in the rhs). - -% There are {\em nested patterns of dependent type}, the elimination -% predicate corresponds to non-dependent case and has the form -% $[x_1:T_1]...[x_n:T_n]T$ and {\bf some} $x_i$ occurs {\bf free} in -% $T$. Then, the strategy may fail to find out a correct elimination -% predicate during some step of compilation. In this situation we -% recommend the user to rewrite the nested dependent patterns into -% several \texttt{match} with {\em simple patterns}. - -\item {\tt Unable to infer a match predicate\\ - Either there is a type incompatibility or the problem involves\\ - dependencies} - - There is a type mismatch between the different branches. - The user should provide an elimination predicate. - -% Obsolete ? -% \item because of nested patterns, it may happen that even though all -% the rhs have the same type, the strategy needs dependent elimination -% and so an elimination predicate must be provided. The system warns -% about this situation, trying to compile anyway with the -% non-dependent strategy. The risen message is: - -% \begin{itemize} -% \item {\tt Warning: This pattern matching may need dependent -% elimination to be compiled. I will try, but if fails try again -% giving dependent elimination predicate.} -% \end{itemize} - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% % LA PROPAGATION DES CONTRAINTES ARRIERE N'EST PAS FAITE DANS LA V7 -% TODO -% \item there are {\em nested patterns of dependent type} and the -% strategy builds a term that is well typed but recursive calls in fix -% point are reported as illegal: -% \begin{itemize} -% \item {\tt Error: Recursive call applied to an illegal term ...} -% \end{itemize} - -% This is because the strategy generates a term that is correct w.r.t. -% the initial term but which does not pass the guard condition. In -% this situation we recommend the user to transform the nested dependent -% patterns into {\em several \texttt{match} of simple patterns}. Let us -% explain this with an example. Consider the following definition of a -% function that yields the last element of a list and \texttt{O} if it is -% empty: - -% \begin{coq_example} -% Fixpoint last [n:nat; l:(listn n)] : nat := -% match l of -% (consn _ a niln) => a -% | (consn m _ x) => (last m x) | niln => O -% end. -% \end{coq_example} - -% It fails because of the priority between patterns, we know that this -% definition is equivalent to the following more explicit one (which -% fails too): - -% \begin{coq_example*} -% Fixpoint last [n:nat; l:(listn n)] : nat := -% match l of -% (consn _ a niln) => a -% | (consn n _ (consn m b x)) => (last n (consn m b x)) -% | niln => O -% end. -% \end{coq_example*} - -% Note that the recursive call {\tt (last n (consn m b x))} is not -% guarded. When treating with patterns of dependent types the strategy -% interprets the first definition of \texttt{last} as the second -% one\footnote{In languages of the ML family the first definition would -% be translated into a term where the variable \texttt{x} is shared in -% the expression. When patterns are of non-dependent types, Coq -% compiles as in ML languages using sharing. When patterns are of -% dependent types the compilation reconstructs the term as in the -% second definition of \texttt{last} so to ensure the result of -% expansion is well typed.}. Thus it generates a term where the -% recursive call is rejected by the guard condition. - -% You can get rid of this problem by writing the definition with -% \emph{simple patterns}: - -% \begin{coq_example} -% Fixpoint last [n:nat; l:(listn n)] : nat := -% <[_:nat]nat>match l of -% (consn m a x) => Cases x of niln => a | _ => (last m x) end -% | niln => O -% end. -% \end{coq_example} - -\end{ErrMsgs} - - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/Classes.tex b/doc/refman/Classes.tex index 6e76d04e77..da798a238e 100644 --- a/doc/refman/Classes.tex +++ b/doc/refman/Classes.tex @@ -492,26 +492,6 @@ control on the triggering of instances. For example, forcing a constant to explicitely appear in the pattern will make it never apply on a goal where there is a hole in that place. -\subsection{\tt Set Typeclasses Legacy Resolution} -\optindex{Typeclasses Legacy Resolution} -\emph{Deprecated since 8.7} - -This option (off by default) uses the 8.5 implementation of resolution. -Use for compatibility purposes only (porting and debugging). - -\subsection{\tt Set Typeclasses Module Eta} -\optindex{Typeclasses Modulo Eta} -\emph{Deprecated since 8.7} - -This option allows eta-conversion for functions and records during -unification of type-classes. This option is unsupported since 8.6 with -{\tt Typeclasses Filtered Unification} set, but still affects the -default unification strategy, and the one used in {\tt Legacy - Resolution} mode. It is \emph{unset} by default. If {\tt Typeclasses - Filtered Unification} is set, this has no effect and unification will -find solutions up-to eta conversion. Note however that syntactic -pattern-matching is not up-to eta. - \subsection{\tt Set Typeclasses Limit Intros} \optindex{Typeclasses Limit Intros} @@ -525,13 +505,6 @@ invertibility status of the product introduction rule, resulting in potentially more expensive proof-search (i.e. more useless backtracking). -\subsection{\tt Set Typeclass Resolution After Apply} -\optindex{Typeclass Resolution After Apply} -\emph{Deprecated since 8.6} - -This option (off by default in Coq 8.6 and 8.5) controls the resolution -of typeclass subgoals generated by the {\tt apply} tactic. - \subsection{\tt Set Typeclass Resolution For Conversion} \optindex{Typeclass Resolution For Conversion} diff --git a/doc/refman/Coercion.tex b/doc/refman/Coercion.tex index ec46e1eb58..9862a9b30d 100644 --- a/doc/refman/Coercion.tex +++ b/doc/refman/Coercion.tex @@ -33,7 +33,8 @@ classes: \begin{itemize} \item {\tt Sortclass}, the class of sorts; - its objects are the terms whose type is a sort. + its objects are the terms whose type is a sort (e.g., \texttt{Prop} + or \texttt{Type}). \item {\tt Funclass}, the class of functions; its objects are all the terms with a functional type, i.e. of form $forall~ x:A, B$. @@ -73,8 +74,8 @@ conditions holds: We then write $f:C \mbox{\texttt{>->}} D$. The restriction on the type of coercions is called {\em the uniform inheritance condition}. -Remark that the abstract classes {\tt Funclass} and {\tt Sortclass} -cannot be source classes. +Remark: the abstract class {\tt Sortclass} can be used as source class, +but the abstract class {\tt Funclass} cannot. To coerce an object $t:C~t_1..t_n$ of $C$ towards $D$, we have to apply the coercion $f$ to it; the obtained term $f~t_1..t_n~t$ is @@ -160,7 +161,6 @@ Declares the construction denoted by {\qualid} as a coercion between \item {\qualid} \errindex{not declared} \item {\qualid} \errindex{is already a coercion} \item \errindex{Funclass cannot be a source class} -\item \errindex{Sortclass cannot be a source class} \item {\qualid} \errindex{is not a function} \item \errindex{Cannot find the source class of {\qualid}} \item \errindex{Cannot recognize {\class$_1$} as a source class of {\qualid}} diff --git a/doc/refman/Micromega.tex b/doc/refman/Micromega.tex deleted file mode 100644 index 2617142f5a..0000000000 --- a/doc/refman/Micromega.tex +++ /dev/null @@ -1,256 +0,0 @@ -\achapter{Micromega: tactics for solving arithmetic goals over ordered rings} -%HEVEA\cutname{micromega.html} -\aauthor{Frédéric Besson and Evgeny Makarov} -\newtheorem{theorem}{Theorem} - - -\asection{Short description of the tactics} -\tacindex{psatz} \tacindex{lra} \tacindex{lia} \tacindex{nia} \tacindex{nra} -\label{sec:psatz-hurry} -The {\tt Psatz} module ({\tt Require Import Psatz.}) gives access to -several tactics for solving arithmetic goals over {\tt Z}, {\tt Q}, and -{\tt R}:\footnote{Support for {\tt nat} and {\tt N} is obtained by - pre-processing the goal with the {\tt zify} tactic.}. -It also possible to get the tactics for integers by a {\tt Require Import Lia}, rationals {\tt Require Import Lqa} -and reals {\tt Require Import Lra}. -\begin{itemize} -\item {\tt lia} is a decision procedure for linear integer arithmetic (see Section~\ref{sec:lia}); -\item {\tt nia} is an incomplete proof procedure for integer non-linear arithmetic (see Section~\ref{sec:nia}); -\item {\tt lra} is a decision procedure for linear (real or rational) arithmetic (see Section~\ref{sec:lra}); -\item {\tt nra} is an incomplete proof procedure for non-linear (real or rational) arithmetic (see Section~\ref{sec:nra}); -\item {\tt psatz D n} where {\tt D} is {\tt Z} or {\tt Q} or {\tt R}, and - {\tt n} is an optional integer limiting the proof search depth is is an - incomplete proof procedure for non-linear arithmetic. It is based on - John Harrison's HOL Light driver to the external prover {\tt - csdp}\footnote{Sources and binaries can be found at - \url{https://projects.coin-or.org/Csdp}}. Note that the {\tt csdp} - driver is generating a \emph{proof cache} which makes it possible to - rerun scripts even without {\tt csdp} (see Section~\ref{sec:psatz}). -\end{itemize} - -The tactics solve propositional formulas parameterized by atomic arithmetic expressions -interpreted over a domain $D \in \{\mathbb{Z}, \mathbb{Q}, \mathbb{R} \}$. -The syntax of the formulas is the following: -\[ -\begin{array}{lcl} - F &::=& A \mid P \mid \mathit{True} \mid \mathit{False} \mid F_1 \land F_2 \mid F_1 \lor F_2 \mid F_1 \leftrightarrow F_2 \mid F_1 \to F_2 \mid \neg F\\ - A &::=& p_1 = p_2 \mid p_1 > p_2 \mid p_1 < p_2 \mid p_1 \ge p_2 \mid p_1 \le p_2 \\ - p &::=& c \mid x \mid {-}p \mid p_1 - p_2 \mid p_1 + p_2 \mid p_1 \times p_2 \mid p \verb!^! n -\end{array} -\] -where $c$ is a numeric constant, $x\in D$ is a numeric variable, the -operators $-$, $+$, $\times$ are respectively subtraction, addition, -product, $p \verb!^!n $ is exponentiation by a constant $n$, $P$ is an -arbitrary proposition. - % - For {\tt Q}, equality is not Leibniz equality {\tt =} but the equality of rationals {\tt ==}. - -For {\tt Z} (resp. {\tt Q} ), $c$ ranges over integer constants (resp. rational constants). -%% The following table details for each domain $D \in \{\mathbb{Z},\mathbb{Q},\mathbb{R}\}$ the range of constants $c$ and exponent $n$. -%% \[ -%% \begin{array}{|c|c|c|c|} -%% \hline -%% &\mathbb{Z} & \mathbb{Q} & \mathbb{R} \\ -%% \hline -%% c &\mathtt{Z} & \mathtt{Q} & (see below) \\ -%% \hline -%% n &\mathtt{Z} & \mathtt{Z} & \mathtt{nat}\\ -%% \hline -%% \end{array} -%% \] -For {\tt R}, the tactic recognizes as real constants the following expressions: -\begin{verbatim} -c ::= R0 | R1 | Rmul(c,c) | Rplus(c,c) | Rminus(c,c) | IZR z | IQR q - | Rdiv(c,c) | Rinv c -\end{verbatim} -where {\tt z} is a constant in {\tt Z} and {\tt q} is a constant in {\tt Q}. -This includes integer constants written using the decimal notation \emph{i.e.,} {\tt c\%R}. - -\asection{\emph{Positivstellensatz} refutations} -\label{sec:psatz-back} - -The name {\tt psatz} is an abbreviation for \emph{positivstellensatz} -- literally positivity theorem -- which -generalizes Hilbert's \emph{nullstellensatz}. -% -It relies on the notion of $\mathit{Cone}$. Given a (finite) set of -polynomials $S$, $\mathit{Cone}(S)$ is inductively defined as the -smallest set of polynomials closed under the following rules: -\[ -\begin{array}{l} -\dfrac{p \in S}{p \in \mathit{Cone}(S)} \quad -\dfrac{}{p^2 \in \mathit{Cone}(S)} \quad -\dfrac{p_1 \in \mathit{Cone}(S) \quad p_2 \in \mathit{Cone}(S) \quad -\Join \in \{+,*\}} {p_1 \Join p_2 \in \mathit{Cone}(S)}\\ -\end{array} -\] -The following theorem provides a proof principle for checking that a set -of polynomial inequalities does not have solutions.\footnote{Variants - deal with equalities and strict inequalities.} -\begin{theorem} - \label{thm:psatz} - Let $S$ be a set of polynomials.\\ - If ${-}1$ belongs to $\mathit{Cone}(S)$ then the conjunction - $\bigwedge_{p \in S} p\ge 0$ is unsatisfiable. -\end{theorem} -A proof based on this theorem is called a \emph{positivstellensatz} refutation. -% -The tactics work as follows. Formulas are normalized into conjunctive normal form $\bigwedge_i C_i$ where -$C_i$ has the general form $(\bigwedge_{j\in S_i} p_j \Join 0) \to \mathit{False})$ and $\Join \in \{>,\ge,=\}$ for $D\in -\{\mathbb{Q},\mathbb{R}\}$ and $\Join \in \{\ge, =\}$ for $\mathbb{Z}$. -% -For each conjunct $C_i$, the tactic calls a oracle which searches for $-1$ within the cone. -% -Upon success, the oracle returns a \emph{cone expression} that is normalized by the {\tt ring} tactic (see chapter~\ref{ring}) and checked to be -$-1$. - - -\asection{{\tt lra}: a decision procedure for linear real and rational arithmetic} -\label{sec:lra} -The {\tt lra} tactic is searching for \emph{linear} refutations using -Fourier elimination.\footnote{More efficient linear programming - techniques could equally be employed.} As a result, this tactic -explores a subset of the $\mathit{Cone}$ defined as -\[ -\mathit{LinCone}(S) =\left\{ \left. \sum_{p \in S} \alpha_p \times p~\right| -~\alpha_p \mbox{ are positive constants} \right\}. -\] -The deductive power of {\tt lra} is the combined deductive power of {\tt ring\_simplify} and {\tt fourier}. -% -There is also an overlap with the {\tt field} tactic {\emph e.g.}, {\tt x = 10 * x / 10} is solved by {\tt lra}. - - -\asection{{\tt lia}: a tactic for linear integer arithmetic} -\tacindex{lia} -\label{sec:lia} - -The tactic {\tt lia} offers an alternative to the {\tt omega} and {\tt - romega} tactic (see Chapter~\ref{OmegaChapter}). -% -Roughly speaking, the deductive power of {\tt lia} is the combined deductive power of {\tt ring\_simplify} and {\tt omega}. -% -However, it solves linear goals that {\tt omega} and {\tt romega} do not solve, such as the -following so-called \emph{omega nightmare}~\cite{TheOmegaPaper}. -\begin{coq_example*} -Goal forall x y, - 27 <= 11 * x + 13 * y <= 45 -> - -10 <= 7 * x - 9 * y <= 4 -> False. -\end{coq_example*} -\begin{coq_eval} -intros x y; lia. -\end{coq_eval} -The estimation of the relative efficiency of {\tt lia} \emph{vs} {\tt omega} -and {\tt romega} is under evaluation. - -\paragraph{High level view of {\tt lia}.} -Over $\mathbb{R}$, \emph{positivstellensatz} refutations are a complete -proof principle.\footnote{In practice, the oracle might fail to produce - such a refutation.} -% -However, this is not the case over $\mathbb{Z}$. -% -Actually, \emph{positivstellensatz} refutations are not even sufficient -to decide linear \emph{integer} arithmetic. -% -The canonical example is {\tt 2 * x = 1 -> False} which is a theorem of $\mathbb{Z}$ but not a theorem of $\mathbb{R}$. -% -To remedy this weakness, the {\tt lia} tactic is using recursively a combination of: -% -\begin{itemize} -\item linear \emph{positivstellensatz} refutations; -\item cutting plane proofs; -\item case split. -\end{itemize} - -\paragraph{Cutting plane proofs} are a way to take into account the discreetness of $\mathbb{Z}$ by rounding up -(rational) constants up-to the closest integer. -% -\begin{theorem} - Let $p$ be an integer and $c$ a rational constant. - \[ - p \ge c \Rightarrow p \ge \lceil c \rceil - \] -\end{theorem} -For instance, from $2 x = 1$ we can deduce -\begin{itemize} -\item $x \ge 1/2$ which cut plane is $ x \ge \lceil 1/2 \rceil = 1$; -\item $ x \le 1/2$ which cut plane is $ x \le \lfloor 1/2 \rfloor = 0$. -\end{itemize} -By combining these two facts (in normal form) $x - 1 \ge 0$ and $-x \ge -0$, we conclude by exhibiting a \emph{positivstellensatz} refutation: $-1 -\equiv \mathbf{x-1} + \mathbf{-x} \in \mathit{Cone}(\{x-1,x\})$. - -Cutting plane proofs and linear \emph{positivstellensatz} refutations are a complete proof principle for integer linear arithmetic. - -\paragraph{Case split} enumerates over the possible values of an expression. -\begin{theorem} - Let $p$ be an integer and $c_1$ and $c_2$ integer constants. - \[ - c_1 \le p \le c_2 \Rightarrow \bigvee_{x \in [c_1,c_2]} p = x - \] -\end{theorem} -Our current oracle tries to find an expression $e$ with a small range $[c_1,c_2]$. -% -We generate $c_2 - c_1$ subgoals which contexts are enriched with an equation $e = i$ for $i \in [c_1,c_2]$ and -recursively search for a proof. - - -\asection{{\tt nra}: a proof procedure for non-linear arithmetic} -\tacindex{nra} -\label{sec:nra} -The {\tt nra} tactic is an {\emph experimental} proof procedure for non-linear arithmetic. -% -The tactic performs a limited amount of non-linear reasoning before running the -linear prover of {\tt lra}. -This pre-processing does the following: -\begin{itemize} -\item If the context contains an arithmetic expression of the form $e[x^2]$ where $x$ is a - monomial, the context is enriched with $x^2\ge 0$; -\item For all pairs of hypotheses $e_1\ge 0$, $e_2 \ge 0$, the context is enriched with $e_1 \times e_2 \ge 0$. -\end{itemize} -After this pre-processing, the linear prover of {\tt lra} searches for a proof -by abstracting monomials by variables. - -\asection{{\tt nia}: a proof procedure for non-linear integer arithmetic} -\tacindex{nia} -\label{sec:nia} -The {\tt nia} tactic is a proof procedure for non-linear integer arithmetic. -% -It performs a pre-processing similar to {\tt nra}. The obtained goal is solved using the linear integer prover {\tt lia}. - -\asection{{\tt psatz}: a proof procedure for non-linear arithmetic} -\label{sec:psatz} -The {\tt psatz} tactic explores the $\mathit{Cone}$ by increasing degrees -- hence the depth parameter $n$. -In theory, such a proof search is complete -- if the goal is provable the search eventually stops. -Unfortunately, the external oracle is using numeric (approximate) optimization techniques that might miss a -refutation. - -To illustrate the working of the tactic, consider we wish to prove the following Coq goal. -\begin{coq_eval} -Require Import ZArith Psatz. -Open Scope Z_scope. -\end{coq_eval} -\begin{coq_example*} -Goal forall x, -x^2 >= 0 -> x - 1 >= 0 -> False. -\end{coq_example*} -\begin{coq_eval} -intro x; psatz Z 2. -\end{coq_eval} -Such a goal is solved by {\tt intro x; psatz Z 2}. The oracle returns the -cone expression $2 \times (\mathbf{x-1}) + (\mathbf{x-1}) \times -(\mathbf{x-1}) + \mathbf{-x^2}$ (polynomial hypotheses are printed in -bold). By construction, this expression belongs to $\mathit{Cone}(\{-x^2, -x -1\})$. Moreover, by running {\tt ring} we obtain $-1$. By -Theorem~\ref{thm:psatz}, the goal is valid. -% - -%% \paragraph{The {\tt sos} tactic} -- where {\tt sos} stands for \emph{sum of squares} -- tries to prove that a -%% single polynomial $p$ is positive by expressing it as a sum of squares \emph{i.e.,} $\sum_{i\in S} p_i^2$. -%% This amounts to searching for $p$ in the cone without generators \emph{i.e.}, $Cone(\{\})$. -% - - - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/Omega.tex b/doc/refman/Omega.tex deleted file mode 100644 index 82765da6ed..0000000000 --- a/doc/refman/Omega.tex +++ /dev/null @@ -1,249 +0,0 @@ -\achapter{Omega: a solver of quantifier-free problems in -Presburger Arithmetic} -%HEVEA\cutname{omega.html} -\aauthor{Pierre Crégut} -\label{OmegaChapter} - -\asection{Description of {\tt omega}} -\tacindex{omega} -\label{description} - -{\tt omega} solves a goal in Presburger arithmetic, i.e. a universally -quantified formula made of equations and inequations. Equations may -be specified either on the type \verb=nat= of natural numbers or on -the type \verb=Z= of binary-encoded integer numbers. Formulas on -\verb=nat= are automatically injected into \verb=Z=. The procedure -may use any hypothesis of the current proof session to solve the goal. - -Multiplication is handled by {\tt omega} but only goals where at -least one of the two multiplicands of products is a constant are -solvable. This is the restriction meant by ``Presburger arithmetic''. - -If the tactic cannot solve the goal, it fails with an error message. -In any case, the computation eventually stops. - -\asubsection{Arithmetical goals recognized by {\tt omega}} - -{\tt omega} applied only to quantifier-free formulas built from the -connectors - -\begin{quote} -\verb=/\, \/, ~, ->= -\end{quote} - -on atomic formulas. Atomic formulas are built from the predicates - -\begin{quote} -\verb!=, le, lt, gt, ge! -\end{quote} - - on \verb=nat= or from the predicates - -\begin{quote} -\verb!=, <, <=, >, >=! -\end{quote} - - on \verb=Z=. In expressions of type \verb=nat=, {\tt omega} recognizes - -\begin{quote} -\verb!plus, minus, mult, pred, S, O! -\end{quote} - -and in expressions of type \verb=Z=, {\tt omega} recognizes - -\begin{quote} -\verb!+, -, *, Z.succ!, and constants. -\end{quote} - -All expressions of type \verb=nat= or \verb=Z= not built on these -operators are considered abstractly as if they -were arbitrary variables of type \verb=nat= or \verb=Z=. - -\asubsection{Messages from {\tt omega}} -\label{errors} - -When {\tt omega} does not solve the goal, one of the following errors -is generated: - -\begin{ErrMsgs} - -\item \errindex{omega can't solve this system} - - This may happen if your goal is not quantifier-free (if it is - universally quantified, try {\tt intros} first; if it contains - existentials quantifiers too, {\tt omega} is not strong enough to solve your - goal). This may happen also if your goal contains arithmetical - operators unknown from {\tt omega}. Finally, your goal may be really - wrong! - -\item \errindex{omega: Not a quantifier-free goal} - - If your goal is universally quantified, you should first apply {\tt - intro} as many time as needed. - -\item \errindex{omega: Unrecognized predicate or connective: {\sl ident}} - -\item \errindex{omega: Unrecognized atomic proposition: {\sl prop}} - -\item \errindex{omega: Can't solve a goal with proposition variables} - -\item \errindex{omega: Unrecognized proposition} - -\item \errindex{omega: Can't solve a goal with non-linear products} - -\item \errindex{omega: Can't solve a goal with equality on {\sl type}} - -\end{ErrMsgs} - -%% This code is currently unplugged -%% -% \asubsection{Control over the output} -% There are some flags that can be set to get more information on the procedure - -% \begin{itemize} -% \item \verb=Time= to get the time used by the procedure -% \item \verb=System= to visualize the normalized systems. -% \item \verb=Action= to visualize the actions performed by the OMEGA -% procedure (see \ref{technical}). -% \end{itemize} - -% \comindex{Set omega Time} -% \comindex{UnSet omega Time} -% \comindex{Switch omega Time} -% \comindex{Set omega System} -% \comindex{UnSet omega System} -% \comindex{Switch omega System} -% \comindex{Set omega Action} -% \comindex{UnSet omega Action} -% \comindex{Switch omega Action} - -% Use {\tt Set omega {\rm\sl flag}} to set the flag -% {\rm\sl flag}. Use {\tt Unset omega {\rm\sl flag}} to unset it and -% {\tt Switch omega {\rm\sl flag}} to toggle it. - -\section{Using {\tt omega}} - -The {\tt omega} tactic does not belong to the core system. It should be -loaded by -\begin{coq_example*} -Require Import Omega. -Open Scope Z_scope. -\end{coq_example*} - -\example{} - -\begin{coq_example} -Goal forall m n:Z, 1 + 2 * m <> 2 * n. -intros; omega. -\end{coq_example} -\begin{coq_eval} -Abort. -\end{coq_eval} - -\example{} - -\begin{coq_example} -Goal forall z:Z, z > 0 -> 2 * z + 1 > z. -intro; omega. -\end{coq_example} - -% Other examples can be found in \verb+$COQLIB/theories/DEMOS/OMEGA+. - -\section{Options} - -\begin{quote} - \optindex{Stable Omega} - {\tt Unset Stable Omega} -\end{quote} -This deprecated option (on by default) is for compatibility with Coq -pre 8.5. It resets internal name counters to make executions of -{\tt omega} independent. - -\begin{quote} - \optindex{Omega UseLocalDefs} - {\tt Unset Omega UseLocalDefs} -\end{quote} -This option (on by default) allows {\tt omega} to use the bodies of -local variables. - -\begin{quote} - \optindex{Omega System} - {\tt Set Omega System} - \optindex{Omega Action} - {\tt Set Omega Action} -\end{quote} -These two options (off by default) activate the printing of debug -information. - -\asection{Technical data} -\label{technical} - -\asubsection{Overview of the tactic} -\begin{itemize} - -\item The goal is negated twice and the first negation is introduced as an - hypothesis. -\item Hypothesis are decomposed in simple equations or inequations. Multiple - goals may result from this phase. -\item Equations and inequations over \verb=nat= are translated over - \verb=Z=, multiple goals may result from the translation of - substraction. -\item Equations and inequations are normalized. -\item Goals are solved by the {\it OMEGA} decision procedure. -\item The script of the solution is replayed. - -\end{itemize} - -\asubsection{Overview of the {\it OMEGA} decision procedure} - -The {\it OMEGA} decision procedure involved in the {\tt omega} tactic uses -a small subset of the decision procedure presented in - -\begin{quote} - "The Omega Test: a fast and practical integer programming -algorithm for dependence analysis", William Pugh, Communication of the -ACM , 1992, p 102-114. -\end{quote} - -Here is an overview, look at the original paper for more information. - -\begin{itemize} - -\item Equations and inequations are normalized by division by the GCD of their - coefficients. -\item Equations are eliminated, using the Banerjee test to get a coefficient - equal to one. -\item Note that each inequation defines a half space in the space of real value - of the variables. - \item Inequations are solved by projecting on the hyperspace - defined by cancelling one of the variable. They are partitioned - according to the sign of the coefficient of the eliminated - variable. Pairs of inequations from different classes define a - new edge in the projection. - \item Redundant inequations are eliminated or merged in new - equations that can be eliminated by the Banerjee test. -\item The last two steps are iterated until a contradiction is reached - (success) or there is no more variable to eliminate (failure). - -\end{itemize} - -It may happen that there is a real solution and no integer one. The last -steps of the Omega procedure (dark shadow) are not implemented, so the -decision procedure is only partial. - -\asection{Bugs} - -\begin{itemize} -\item The simplification procedure is very dumb and this results in - many redundant cases to explore. - -\item Much too slow. - -\item Certainly other bugs! You can report them to \url{https://coq.inria.fr/bugs/}. - -\end{itemize} - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/RefMan-cic.tex b/doc/refman/RefMan-cic.tex deleted file mode 100644 index 2695c5eee4..0000000000 --- a/doc/refman/RefMan-cic.tex +++ /dev/null @@ -1,1881 +0,0 @@ -\chapter[Calculus of Inductive Constructions]{Calculus of Inductive Constructions -\label{Cic} -\index{Cic@\textsc{CIC}} -\index{Calculus of Inductive Constructions}} -%HEVEA\cutname{cic.html} - -The underlying formal language of {\Coq} is a {\em Calculus of -Inductive Constructions} (\CIC) whose inference rules are presented in -this chapter. The history of this formalism as well as pointers to related work -are provided in a separate chapter; see {\em Credits}. - -\section[The terms]{The terms\label{Terms}} - -The expressions of the {\CIC} are {\em terms} and all terms have a {\em type}. -There are types for functions (or -programs), there are atomic types (especially datatypes)... but also -types for proofs and types for the types themselves. -Especially, any object handled in the formalism must belong to a -type. For instance, universal quantification is relative to a type and -takes the form {\it ``for all x -of type T, P''}. The expression {\it ``x of type T''} is -written {\it ``x:T''}. Informally, {\it ``x:T''} can be thought as -{\it ``x belongs to T''}. - -The types of types are {\em sorts}. Types and sorts are themselves -terms so that terms, types and sorts are all components of a common -syntactic language of terms which is described in -Section~\ref{cic:terms} but, first, we describe sorts. - -\subsection[Sorts]{Sorts\label{Sorts} -\index{Sorts}} -All sorts have a type and there is an infinite well-founded -typing hierarchy of sorts whose base sorts are {\Prop} and {\Set}. - -The sort {\Prop} intends to be the type of logical propositions. If -$M$ is a logical proposition then it denotes the class of terms -representing proofs of $M$. An object $m$ belonging to $M$ witnesses -the fact that $M$ is provable. An object of type {\Prop} is called a -proposition. - -The sort {\Set} intends to be the type of small sets. This includes data -types such as booleans and naturals, but also products, subsets, and -function types over these data types. - -{\Prop} and {\Set} themselves can be manipulated as ordinary -terms. Consequently they also have a type. Because assuming simply -that {\Set} has type {\Set} leads to an inconsistent theory~\cite{Coq86}, the -language of {\CIC} has infinitely many sorts. There are, in addition -to {\Set} and {\Prop} a hierarchy of universes {\Type$(i)$} for any -integer $i$. - -Like {\Set}, all of the sorts {\Type$(i)$} contain small sets such as -booleans, natural numbers, as well as products, subsets and function -types over small sets. But, unlike {\Set}, they also contain large -sets, namely the sorts {\Set} and {\Type$(j)$} for $j<i$, and all -products, subsets and function types over these sorts. - -Formally, we call {\Sort} the set of sorts which is defined by: -\index{Type@{\Type}}% -\index{Prop@{\Prop}}% -\index{Set@{\Set}}% -\[\Sort \equiv \{\Prop,\Set,\Type(i)\;|\; i \in \NN\} \] -Their properties, such as: -{\Prop:\Type$(1)$}, {\Set:\Type$(1)$}, and {\Type$(i)$:\Type$(i+1)$}, -are defined in Section~\ref{subtyping-rules}. - -The user does not have to mention explicitly the index $i$ when referring to -the universe \Type$(i)$. One only writes \Type. The -system itself generates for each instance of \Type\ a new -index for the universe and checks that the constraints between these -indexes can be solved. From the user point of view we consequently -have {\Type}:{\Type}. -We shall make precise in the typing rules the constraints between the -indexes. - -\paragraph{Implementation issues} -In practice, the {\Type} hierarchy is implemented using -{\em algebraic universes}\index{algebraic universe}. -An algebraic universe $u$ is either a variable (a qualified -identifier with a number) or a successor of an algebraic universe (an -expression $u+1$), or an upper bound of algebraic universes (an -expression $max(u_1,...,u_n)$), or the base universe (the expression -$0$) which corresponds, in the arity of template polymorphic inductive -types (see Section \ref{Template-polymorphism}), -to the predicative sort {\Set}. A graph of constraints between -the universe variables is maintained globally. To ensure the existence -of a mapping of the universes to the positive integers, the graph of -constraints must remain acyclic. Typing expressions that violate the -acyclicity of the graph of constraints results in a \errindex{Universe -inconsistency} error (see also Section~\ref{PrintingUniverses}). - -%% HH: This looks to me more like source of confusion than helpful - -%% \subsection{Constants} - -%% Constants refers to -%% objects in the global environment. These constants may denote previously -%% defined objects, but also objects related to inductive definitions -%% (either the type itself or one of its constructors or destructors). - -%% \medskip\noindent {\bf Remark. } In other presentations of \CIC, -%% the inductive objects are not seen as -%% external declarations but as first-class terms. Usually the -%% definitions are also completely ignored. This is a nice theoretical -%% point of view but not so practical. An inductive definition is -%% specified by a possibly huge set of declarations, clearly we want to -%% share this specification among the various inductive objects and not -%% to duplicate it. So the specification should exist somewhere and the -%% various objects should refer to it. We choose one more level of -%% indirection where the objects are just represented as constants and -%% the environment gives the information on the kind of object the -%% constant refers to. - -%% \medskip -%% Our inductive objects will be manipulated as constants declared in the -%% environment. This roughly corresponds to the way they are actually -%% implemented in the \Coq\ system. It is simple to map this presentation -%% in a theory where inductive objects are represented by terms. - -\subsection{Terms} -\label{cic:terms} - -Terms are built from sorts, variables, constants, -%constructors, inductive types, -abstractions, applications, local definitions, -%case analysis, fixpoints, cofixpoints -and products. -From a syntactic point of view, types cannot be distinguished from terms, -except that they cannot start by an abstraction or a constructor. -More precisely the language of the {\em Calculus of Inductive - Constructions} is built from the following rules. -% -\begin{enumerate} -\item the sorts {\Set}, {\Prop}, ${\Type(i)}$ are terms. -\item variables, hereafter ranged over by letters $x$, $y$, etc., are terms -\item constants, hereafter ranged over by letters $c$, $d$, etc., are terms. -%\item constructors, hereafter ranged over by letter $C$, are terms. -%\item inductive types, hereafter ranged over by letter $I$, are terms. -\item\index{products} if $x$ is a variable and $T$, $U$ are terms then $\forall~x:T,U$ - ($\kw{forall}~x:T,~U$ in \Coq{} concrete syntax) is a term. If $x$ - occurs in $U$, $\forall~x:T,U$ reads as {\it ``for all x of type T, - U''}. As $U$ depends on $x$, one says that $\forall~x:T,U$ is a - {\em dependent product}. If $x$ does not occur in $U$ then - $\forall~x:T,U$ reads as {\it ``if T then U''}. A {\em non dependent - product} can be written: $T \ra U$. -\item if $x$ is a variable and $T$, $u$ are terms then $\lb x:T \mto u$ - ($\kw{fun}~x:T~ {\tt =>}~ u$ in \Coq{} concrete syntax) is a term. This is a - notation for the $\lambda$-abstraction of - $\lambda$-calculus\index{lambda-calculus@$\lambda$-calculus} - \cite{Bar81}. The term $\lb x:T \mto u$ is a function which maps - elements of $T$ to the expression $u$. -\item if $t$ and $u$ are terms then $(t\ u)$ is a term - ($t~u$ in \Coq{} concrete syntax). The term $(t\ - u)$ reads as {\it ``t applied to u''}. -\item if $x$ is a variable, and $t$, $T$ and $u$ are terms then - $\kw{let}~x:=t:T~\kw{in}~u$ is a - term which denotes the term $u$ where the variable $x$ is locally - bound to $t$ of type $T$. This stands for the common ``let-in'' - construction of functional programs such as ML or Scheme. -%\item case ... -%\item fixpoint ... -%\item cofixpoint ... -\end{enumerate} - -\paragraph{Free variables.} -The notion of free variables is defined as usual. In the expressions -$\lb x:T\mto U$ and $\forall x:T, U$ the occurrences of $x$ in $U$ -are bound. - -\paragraph[Substitution.]{Substitution.\index{Substitution}} -The notion of substituting a term $t$ to free occurrences of a -variable $x$ in a term $u$ is defined as usual. The resulting term -is written $\subst{u}{x}{t}$. - -\paragraph[The logical vs programming readings.]{The logical vs programming readings.} - -The constructions of the {\CIC} can be used to express both logical -and programming notions, accordingly to the Curry-Howard -correspondence between proofs and programs, and between propositions -and types~\cite{Cur58,How80,Bru72}. - -For instance, let us assume that \nat\ is the type of natural numbers -with zero element written $0$ and that ${\tt True}$ is the always true -proposition. Then $\ra$ is used both to denote $\nat\ra\nat$ which is -the type of functions from \nat\ to \nat, to denote ${\tt True}\ra{\tt - True}$ which is an implicative proposition, to denote $\nat \ra -\Prop$ which is the type of unary predicates over the natural numbers, -etc. - -Let us assume that ${\tt mult}$ is a function of type $\nat\ra\nat\ra -\nat$ and ${\tt eqnat}$ a predicate of type $\nat\ra\nat\ra \Prop$. -The $\lambda$-abstraction can serve to build ``ordinary'' functions as -in $\lambda x:\nat.({\tt mult}~x~x)$ (i.e. $\kw{fun}~x:\nat ~{\tt =>}~ -{\tt mult} ~x~x$ in {\Coq} notation) but may build also predicates -over the natural numbers. For instance $\lambda x:\nat.({\tt eqnat}~ -x~0)$ (i.e. $\kw{fun}~x:\nat ~{\tt =>}~ {\tt eqnat}~ x~0$ in {\Coq} -notation) will represent the predicate of one variable $x$ which -asserts the equality of $x$ with $0$. This predicate has type $\nat -\ra \Prop$ and it can be applied to any expression of type ${\nat}$, -say $t$, to give an object $P~t$ of type \Prop, namely a proposition. - -Furthermore $\kw{forall}~x:\nat,\,P\;x$ will represent the type of -functions which associate to each natural number $n$ an object of type -$(P~n)$ and consequently represent the type of proofs of the formula -``$\forall x.\,P(x)$''. - -\section[Typing rules]{Typing rules\label{Typed-terms}} - -As objects of type theory, terms are subjected to {\em type -discipline}. The well typing of a term depends on -a global environment and a local context. - -\paragraph{Local context.\index{Local context}} -A {\em local context} is an ordered list of -{\em local declarations\index{declaration!local}} of names which we call {\em variables\index{variable}}. -The declaration of some variable $x$ is -either a {\em local assumption\index{assumption!local}}, written $x:T$ ($T$ is a type) or a {\em local definition\index{definition!local}}, -written $x:=t:T$. We use brackets to write local contexts. A -typical example is $[x:T;y:=u:U;z:V]$. Notice that the variables -declared in a local context must be distinct. If $\Gamma$ declares some $x$, -we write $x \in \Gamma$. By writing $(x:T) \in \Gamma$ we mean that -either $x:T$ is an assumption in $\Gamma$ or that there exists some $t$ such -that $x:=t:T$ is a definition in $\Gamma$. If $\Gamma$ defines some -$x:=t:T$, we also write $(x:=t:T) \in \Gamma$. -For the rest of the chapter, the $\Gamma::(y:T)$ denotes the local context -$\Gamma$ enriched with the local assumption $y:T$. -Similarly, $\Gamma::(y:=t:T)$ denotes the local context -$\Gamma$ enriched with the local definition $(y:=t:T)$. -The notation $[]$ denotes the empty local context. -By $\Gamma_1; \Gamma_2$ we mean concatenation of the local context $\Gamma_1$ -and the local context $\Gamma_2$. - -% Does not seem to be used further... -% Si dans l'explication WF(E)[Gamma] concernant les constantes -% definies ds un contexte - -%We define the inclusion of two local contexts $\Gamma$ and $\Delta$ (written -%as $\Gamma \subset \Delta$) as the property, for all variable $x$, -%type $T$ and term $t$, if $(x:T) \in \Gamma$ then $(x:T) \in \Delta$ -%and if $(x:=t:T) \in \Gamma$ then $(x:=t:T) \in \Delta$. -%We write -% $|\Delta|$ for the length of the context $\Delta$, that is for the number -% of declarations (assumptions or definitions) in $\Delta$. - -\paragraph[Global environment.]{Global environment.\index{Global environment}} -%Because we are manipulating global declarations (global constants and global -%assumptions), we also need to consider a global environment $E$. - -A {\em global environment} is an ordered list of {\em global declarations\index{declaration!global}}. -Global declarations are either {\em global assumptions\index{assumption!global}} or {\em global -definitions\index{definition!global}}, but also declarations of inductive objects. Inductive objects themselves declare both inductive or coinductive types and constructors -(see Section~\ref{Cic-inductive-definitions}). - -A {\em global assumption} will be represented in the global environment as -$(c:T)$ which assumes the name $c$ to be of some type $T$. -A {\em global definition} will -be represented in the global environment as $c:=t:T$ which defines -the name $c$ to have value $t$ and type $T$. -We shall call such names {\em constants}. -For the rest of the chapter, the $E;c:T$ denotes the global environment -$E$ enriched with the global assumption $c:T$. -Similarly, $E;c:=t:T$ denotes the global environment -$E$ enriched with the global definition $(c:=t:T)$. - -The rules for inductive definitions (see Section -\ref{Cic-inductive-definitions}) have to be considered as assumption -rules to which the following definitions apply: if the name $c$ is -declared in $E$, we write $c \in E$ and if $c:T$ or $c:=t:T$ is -declared in $E$, we write $(c : T) \in E$. - -\paragraph[Typing rules.]{Typing rules.\label{Typing-rules}\index{Typing rules}} -In the following, we define simultaneously two -judgments. The first one \WTEG{t}{T} means the term $t$ is well-typed -and has type $T$ in the global environment $E$ and local context $\Gamma$. The -second judgment \WFE{\Gamma} means that the global environment $E$ is -well-formed and the local context $\Gamma$ is a valid local context in this -global environment. -% HH: This looks to me complicated. I think it would be better to talk -% about ``discharge'' as a transformation of global environments, -% rather than as keeping a local context next to global constants. -% -%% It also means a third property which makes sure that any -%%constant in $E$ was defined in an environment which is included in -%%$\Gamma$ -%%\footnote{This requirement could be relaxed if we instead introduced -%% an explicit mechanism for instantiating constants. At the external -%% level, the Coq engine works accordingly to this view that all the -%% definitions in the environment were built in a local sub-context of the -%% current local context.}. - -A term $t$ is well typed in a global environment $E$ iff there exists a -local context $\Gamma$ and a term $T$ such that the judgment \WTEG{t}{T} can -be derived from the following rules. -\begin{description} -\item[W-Empty] \inference{\WF{[]}{}} -\item[W-Local-Assum] % Ce n'est pas vrai : x peut apparaitre plusieurs fois dans Gamma -\inference{\frac{\WTEG{T}{s}~~~~s \in \Sort~~~~x \not\in \Gamma % \cup E - }{\WFE{\Gamma::(x:T)}}} -\item[W-Local-Def] -\inference{\frac{\WTEG{t}{T}~~~~x \not\in \Gamma % \cup E - }{\WFE{\Gamma::(x:=t:T)}}} -\item[W-Global-Assum] \inference{\frac{\WTE{}{T}{s}~~~~s \in \Sort~~~~c \notin E} - {\WF{E;c:T}{}}} -\item[W-Global-Def] \inference{\frac{\WTE{}{t}{T}~~~c \notin E} - {\WF{E;c:=t:T}{}}} -\item[Ax-Prop] \index{Typing rules!Ax-Prop} -\inference{\frac{\WFE{\Gamma}}{\WTEG{\Prop}{\Type(1)}}} -\item[Ax-Set] \index{Typing rules!Ax-Set} -\inference{\frac{\WFE{\Gamma}}{\WTEG{\Set}{\Type(1)}}} -\item[Ax-Type] \index{Typing rules!Ax-Type} -\inference{\frac{\WFE{\Gamma}}{\WTEG{\Type(i)}{\Type(i+1)}}} -\item[Var]\index{Typing rules!Var} - \inference{\frac{ \WFE{\Gamma}~~~~~(x:T) \in \Gamma~~\mbox{or}~~(x:=t:T) \in \Gamma~\mbox{for some $t$}}{\WTEG{x}{T}}} -\item[Const] \index{Typing rules!Const} -\inference{\frac{\WFE{\Gamma}~~~~(c:T) \in E~~\mbox{or}~~(c:=t:T) \in E~\mbox{for some $t$} }{\WTEG{c}{T}}} -\item[Prod-Prop] \index{Typing rules!Prod-Prop} -\inference{\frac{\WTEG{T}{s}~~~~s \in \Sort~~~ - \WTE{\Gamma::(x:T)}{U}{\Prop}} - { \WTEG{\forall~x:T,U}{\Prop}}} -\item[Prod-Set] \index{Typing rules!Prod-Set} -\inference{\frac{\WTEG{T}{s}~~~~s \in\{\Prop, \Set\}~~~~~~ - \WTE{\Gamma::(x:T)}{U}{\Set}} - { \WTEG{\forall~x:T,U}{\Set}}} -\item[Prod-Type] \index{Typing rules!Prod-Type} -\inference{\frac{\WTEG{T}{\Type(i)}~~~~ - \WTE{\Gamma::(x:T)}{U}{\Type(i)}} - {\WTEG{\forall~x:T,U}{\Type(i)}}} -\item[Lam]\index{Typing rules!Lam} -\inference{\frac{\WTEG{\forall~x:T,U}{s}~~~~ \WTE{\Gamma::(x:T)}{t}{U}} - {\WTEG{\lb x:T\mto t}{\forall x:T, U}}} -\item[App]\index{Typing rules!App} - \inference{\frac{\WTEG{t}{\forall~x:U,T}~~~~\WTEG{u}{U}} - {\WTEG{(t\ u)}{\subst{T}{x}{u}}}} -\item[Let]\index{Typing rules!Let} -\inference{\frac{\WTEG{t}{T}~~~~ \WTE{\Gamma::(x:=t:T)}{u}{U}} - {\WTEG{\letin{x}{t:T}{u}}{\subst{U}{x}{t}}}} -\end{description} - -\Rem Prod$_1$ and Prod$_2$ typing-rules make sense if we consider the semantic -difference between {\Prop} and {\Set}: -\begin{itemize} - \item All values of a type that has a sort {\Set} are extractable. - \item No values of a type that has a sort {\Prop} are extractable. -\end{itemize} - -\Rem We may have $\kw{let}~x:=t:T~\kw{in}~u$ -well-typed without having $((\lb x:T\mto u)~t)$ well-typed (where -$T$ is a type of $t$). This is because the value $t$ associated to $x$ -may be used in a conversion rule (see Section~\ref{conv-rules}). - -\section[Conversion rules]{Conversion rules\index{Conversion rules} -\label{conv-rules}} - -In \CIC, there is an internal reduction mechanism. In particular, it -can decide if two programs are {\em intentionally} equal (one -says {\em convertible}). Convertibility is described in this section. - -\paragraph[$\beta$-reduction.]{$\beta$-reduction.\label{beta}\index{beta-reduction@$\beta$-reduction}} - -We want to be able to identify some terms as we can identify the -application of a function to a given argument with its result. For -instance the identity function over a given type $T$ can be written -$\lb x:T\mto x$. In any global environment $E$ and local context $\Gamma$, we want to identify any object $a$ (of type $T$) with the -application $((\lb x:T\mto x)~a)$. We define for this a {\em reduction} (or a -{\em conversion}) rule we call $\beta$: -\[ \WTEGRED{((\lb x:T\mto - t)~u)}{\triangleright_{\beta}}{\subst{t}{x}{u}} \] -We say that $\subst{t}{x}{u}$ is the {\em $\beta$-contraction} of -$((\lb x:T\mto t)~u)$ and, conversely, that $((\lb x:T\mto t)~u)$ -is the {\em $\beta$-expansion} of $\subst{t}{x}{u}$. - -According to $\beta$-reduction, terms of the {\em Calculus of - Inductive Constructions} enjoy some fundamental properties such as -confluence, strong normalization, subject reduction. These results are -theoretically of great importance but we will not detail them here and -refer the interested reader to \cite{Coq85}. - -\paragraph[$\iota$-reduction.]{$\iota$-reduction.\label{iota}\index{iota-reduction@$\iota$-reduction}} -A specific conversion rule is associated to the inductive objects in -the global environment. We shall give later on (see Section~\ref{iotared}) the -precise rules but it just says that a destructor applied to an object -built from a constructor behaves as expected. This reduction is -called $\iota$-reduction and is more precisely studied in -\cite{Moh93,Wer94}. - - -\paragraph[$\delta$-reduction.]{$\delta$-reduction.\label{delta}\index{delta-reduction@$\delta$-reduction}} - -We may have variables defined in local contexts or constants defined in the global -environment. It is legal to identify such a reference with its value, -that is to expand (or unfold) it into its value. This -reduction is called $\delta$-reduction and shows as follows. - -$$\WTEGRED{x}{\triangleright_{\delta}}{t}~~~~~\mbox{if $(x:=t:T) \in \Gamma$}~~~~~~~~~\WTEGRED{c}{\triangleright_{\delta}}{t}~~~~~\mbox{if $(c:=t:T) \in E$}$$ - - -\paragraph[$\zeta$-reduction.]{$\zeta$-reduction.\label{zeta}\index{zeta-reduction@$\zeta$-reduction}} - -{\Coq} allows also to remove local definitions occurring in terms by -replacing the defined variable by its value. The declaration being -destroyed, this reduction differs from $\delta$-reduction. It is -called $\zeta$-reduction and shows as follows. - -$$\WTEGRED{\kw{let}~x:=u~\kw{in}~t}{\triangleright_{\zeta}}{\subst{t}{x}{u}}$$ - -\paragraph{$\eta$-expansion.% -\label{eta}% -\index{eta-expansion@$\eta$-expansion}% -%\index{eta-reduction@$\eta$-reduction} -}% -Another important concept is $\eta$-expansion. It is legal to identify any -term $t$ of functional type $\forall x:T, U$ with its so-called -$\eta$-expansion $\lb x:T\mto (t\ x)$ for $x$ an arbitrary variable -name fresh in $t$. - -\Rem We deliberately do not define $\eta$-reduction: -\begin{latexonly}% - $$\lb x:T\mto (t\ x)\not\triangleright_\eta\hskip.3em t$$ -\end{latexonly}% -\begin{htmlonly} - $$\lb x:T\mto (t\ x)~\not\triangleright_\eta~t$$ -\end{htmlonly} -This is because, in general, the type of $t$ need not to be convertible to the type of $\lb x:T\mto (t\ x)$. -E.g., if we take $f$ such that: -\begin{latexonly}% - $$f\hskip.5em:\hskip.5em\forall x:Type(2),Type(1)$$ -\end{latexonly}% -\begin{htmlonly} - $$f~:~\forall x:Type(2),Type(1)$$ -\end{htmlonly} -then -\begin{latexonly}% - $$\lb x:Type(1),(f\, x)\hskip.5em:\hskip.5em\forall x:Type(1),Type(1)$$ -\end{latexonly}% -\begin{htmlonly} - $$\lb x:Type(1),(f\, x)~:~\forall x:Type(1),Type(1)$$ -\end{htmlonly} -We could not allow -\begin{latexonly}% - $$\lb x:Type(1),(f\,x)\hskip.4em\not\triangleright_\eta\hskip.6em f$$ -\end{latexonly}% -\begin{htmlonly} - $$\lb x:Type(1),(f\,x)~\not\triangleright_\eta~f$$ -\end{htmlonly} -because the type of the reduced term $\forall x:Type(2),Type(1)$ -would not be convertible to the type of the original term $\forall x:Type(1),Type(1)$. - -\paragraph[Convertibility.]{Convertibility.\label{convertibility} -\index{beta-reduction@$\beta$-reduction}\index{iota-reduction@$\iota$-reduction}\index{delta-reduction@$\delta$-reduction}\index{zeta-reduction@$\zeta$-reduction}} - -Let us write $\WTEGRED{t}{\triangleright}{u}$ for the contextual closure of the relation $t$ reduces to $u$ in the global environment $E$ and local context $\Gamma$ with one of the previous reduction $\beta$, $\iota$, $\delta$ or $\zeta$. - -We say that two terms $t_1$ and $t_2$ are {\em - $\beta\iota\delta\zeta\eta$-convertible}, or simply {\em - convertible}, or {\em equivalent}, in the global environment $E$ and -local context $\Gamma$ iff there exist terms $u_1$ and $u_2$ such that -$\WTEGRED{t_1}{\triangleright \ldots \triangleright}{u_1}$ and -$\WTEGRED{t_2}{\triangleright \ldots \triangleright}{u_2}$ and either -$u_1$ and $u_2$ are identical, or they are convertible up to -$\eta$-expansion, i.e. $u_1$ is $\lb x:T\mto u'_1$ and $u_2\,x$ is -recursively convertible to $u'_1$, or, symmetrically, $u_2$ is $\lb -x:T\mto u'_2$ and $u_1\,x$ is recursively convertible to $u'_2$. We -then write $\WTEGCONV{t_1}{t_2}$. - -Apart from this we consider two instances of polymorphic and cumulative (see Chapter~\ref{Universes-full}) inductive types (see below) -convertible $\WTEGCONV{t\ w_1 \dots w_m}{t\ w_1' \dots w_m'}$ if we have subtypings (see below) in both directions, i.e., -$\WTEGLECONV{t\ w_1 \dots w_m}{t\ w_1' \dots w_m'}$ and $\WTEGLECONV{t\ w_1' \dots w_m'}{t\ w_1 \dots w_m}$. -Furthermore, we consider $\WTEGCONV{c\ v_1 \dots v_m}{c'\ v_1' \dots v_m'}$ convertible if $\WTEGCONV{v_i}{v_i'}$ -and we have that $c$ and $c'$ are the same constructors of different instances the same inductive types (differing only in universe levels) -such that $\WTEG{c\ v_1 \dots v_m}{t\ w_1 \dots w_m}$ and $\WTEG{c'\ v_1' \dots v_m'}{t'\ w_1' \dots w_m'}$ and we have $\WTEGCONV{t\ w_1 \dots w_m}{t\ w_1' \dots w_m'}$. - -The convertibility relation allows introducing a new typing rule -which says that two convertible well-formed types have the same -inhabitants. - -\section[Subtyping rules]{Subtyping rules\index{Subtyping rules} -\label{subtyping-rules}} - -At the moment, we did not take into account one rule between universes -which says that any term in a universe of index $i$ is also a term in -the universe of index $i+1$ (this is the {\em cumulativity} rule of -{\CIC}). This property extends the equivalence relation of -convertibility into a {\em subtyping} relation inductively defined by: -\begin{enumerate} -\item if $\WTEGCONV{t}{u}$ then $\WTEGLECONV{t}{u}$, -\item if $i \leq j$ then $\WTEGLECONV{\Type(i)}{\Type(j)}$, -\item for any $i$, $\WTEGLECONV{\Set}{\Type(i)}$, -\item $\WTEGLECONV{\Prop}{\Set}$, hence, by transitivity, - $\WTEGLECONV{\Prop}{\Type(i)}$, for any $i$ -\item if $\WTEGCONV{T}{U}$ and $\WTELECONV{\Gamma::(x:T)}{T'}{U'}$ then $\WTEGLECONV{\forall~x:T, T'}{\forall~x:U, U'}$. -\item if $\Ind{}{p}{\Gamma_I}{\Gamma_C}$ is a universe polymorphic and cumulative (see Chapter~\ref{Universes-full}) - inductive type (see below) and $(t : \forall\Gamma_P,\forall\Gamma_{\mathit{Arr}(t)}, \Sort)\in\Gamma_I$ - and $(t' : \forall\Gamma_P',\forall\Gamma_{\mathit{Arr}(t)}', \Sort')\in\Gamma_I$ - are two different instances of \emph{the same} inductive type (differing only in universe levels) with constructors - \[[c_1: \forall\Gamma_P,\forall T_{1,1} \dots T_{1,n_1},t\ v_{1,1} \dots v_{1,m}; \dots; c_k: \forall\Gamma_P,\forall T_{k, 1} \dots T_{k,n_k},t\ v_{n,1}\dots v_{n,m}]\] - and - \[[c_1: \forall\Gamma_P',\forall T_{1,1}' \dots T_{1,n_1}',t'\ v_{1,1}' \dots v_{1,m}'; \dots; c_k: \forall\Gamma_P',\forall T_{k, 1}' \dots T_{k,n_k}',t\ v_{n,1}'\dots v_{n,m}']\] - respectively then $\WTEGLECONV{t\ w_1 \dots w_m}{t\ w_1' \dots w_m'}$ (notice that $t$ and $t'$ are both fully applied, i.e., they have a sort as a type) - if $\WTEGCONV{w_i}{w_i'}$ for $1 \le i \le m$ and we have - \[ \WTEGLECONV{T_{i,j}}{T_{i,j}'} \text{ and } \WTEGLECONV{A_i}{A_i'}\] - where $\Gamma_{\mathit{Arr}(t)} = [a_1 : A_1; a_1 : A_l]$ and $\Gamma_{\mathit{Arr}(t)} = [a_1 : A_1'; a_1 : A_l']$. -\end{enumerate} - -The conversion rule up to subtyping is now exactly: - -\begin{description}\label{Conv} -\item[Conv]\index{Typing rules!Conv} - \inference{ - \frac{\WTEG{U}{s}~~~~\WTEG{t}{T}~~~~\WTEGLECONV{T}{U}}{\WTEG{t}{U}}} - \end{description} - - -\paragraph[Normal form.]{Normal form.\index{Normal form}\label{Normal-form}\label{Head-normal-form}\index{Head normal form}} -A term which cannot be any more reduced is said to be in {\em normal - form}. There are several ways (or strategies) to apply the reduction -rules. Among them, we have to mention the {\em head reduction} which -will play an important role (see Chapter~\ref{Tactics}). Any term can -be written as $\lb x_1:T_1\mto \ldots \lb x_k:T_k \mto -(t_0\ t_1\ldots t_n)$ where -$t_0$ is not an application. We say then that $t_0$ is the {\em head - of $t$}. If we assume that $t_0$ is $\lb x:T\mto u_0$ then one step of -$\beta$-head reduction of $t$ is: -\[\lb x_1:T_1\mto \ldots \lb x_k:T_k\mto (\lb x:T\mto u_0\ t_1\ldots t_n) -~\triangleright ~ \lb (x_1:T_1)\ldots(x_k:T_k)\mto -(\subst{u_0}{x}{t_1}\ t_2 \ldots t_n)\] -Iterating the process of head reduction until the head of the reduced -term is no more an abstraction leads to the {\em $\beta$-head normal - form} of $t$: -\[ t \triangleright \ldots \triangleright -\lb x_1:T_1\mto \ldots\lb x_k:T_k\mto (v\ u_1 -\ldots u_m)\] -where $v$ is not an abstraction (nor an application). Note that the -head normal form must not be confused with the normal form since some -$u_i$ can be reducible. -% -Similar notions of head-normal forms involving $\delta$, $\iota$ and $\zeta$ -reductions or any combination of those can also be defined. - -\section[Inductive definitions]{Inductive Definitions\label{Cic-inductive-definitions}} - -% Here we assume that the reader knows what is an inductive definition. - -Formally, we can represent any {\em inductive definition\index{definition!inductive}} as \Ind{}{p}{\Gamma_I}{\Gamma_C} where: -\begin{itemize} - \item $\Gamma_I$ determines the names and types of inductive types; - \item $\Gamma_C$ determines the names and types of constructors of these inductive types; - \item $p$ determines the number of parameters of these inductive types. -\end{itemize} -These inductive definitions, together with global assumptions and global definitions, then form the global environment. -% -Additionally, for any $p$ there always exists $\Gamma_P=[a_1:A_1;\dots;a_p:A_p]$ -such that each $T$ in $(t:T)\in\Gamma_I\cup\Gamma_C$ can be written as: -$\forall\Gamma_P, T^\prime$ where $\Gamma_P$ is called the {\em context of parameters\index{context of parameters}}. -Furthermore, we must have that each $T$ in $(t:T)\in\Gamma_I$ can be written as: -$\forall\Gamma_P,\forall\Gamma_{\mathit{Arr}(t)}, \Sort$ where $\Gamma_{\mathit{Arr}(t)}$ is called the -{\em Arity} of the inductive type\index{arity of inductive type} $t$ and -$\Sort$ is called the sort of the inductive type $t$. - -\paragraph{Examples} - - \newcommand\ind[3]{$\mathsf{Ind}~[#1]\left(\hskip-.4em - \begin{array}{r@{\mathrm{~:=~}}l} - #2 & #3 \\ - \end{array} - \hskip-.4em - \right)$} - \def\colon{@{\hskip.5em:\hskip.5em}} - -The declaration for parameterized lists is: -\begin{latexonly} - \vskip.5em - - \ind{1}{[\List:\Set\ra\Set]}{\left[\begin{array}{r@{:}l} - \Nil & \forall A:\Set,\List~A \\ - \cons & \forall A:\Set, A \ra \List~A \ra \List~A - \end{array} - \right]} - \vskip.5em -\end{latexonly} -\begin{rawhtml}<pre><table style="border-spacing:0"> - <tr style="vertical-align:middle"> - <td style="width:10pt;text-align:center;font-family:sans-serif;font-style:italic">Ind</td> - <td style="width:20pt;text-align:center">[1]</td> - <td style="width:5pt;text-align:center">⎛<br>⎝</td> - <td style="width:120pt;text-align:center">[ <span style="font-family:monospace">list : Set → Set</span> ]</td> - <td style="width:20pt;text-align:center;font-family:monospace">:=</td> - <td style="width:10pt;text-align:center">⎡<br>⎣</td> - <td> - <table style="border-spacing:0"> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">nil</td> - <td style="width:20pt;text-align:center;font-family:monospace">:=</td> - <td style="text-align:left;font-family:monospace">∀A : Set, list A</td> - </tr> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">cons</td> - <td style="width:20pt;text-align:center;font-family:monospace">:=</td> - <td style="text-align:left;font-family:monospace">∀A : Set, A → list A → list A</td> - </tr> - </table> - </td> - <td style="width:10pt;text-align:center">⎤<br>⎦</td> - <td style="width:5pt;text-align:center">⎞<br>⎠</td> - </tr> -</table></pre> -\end{rawhtml} -\noindent which corresponds to the result of the \Coq\ declaration: -\begin{coq_example*} -Inductive list (A:Set) : Set := - | nil : list A - | cons : A -> list A -> list A. -\end{coq_example*} - -\noindent The declaration for a mutual inductive definition of {\tree} and {\forest} is: -\begin{latexonly} - \vskip.5em -\ind{~}{\left[\begin{array}{r@{:}l}\tree&\Set\\\forest&\Set\end{array}\right]} - {\left[\begin{array}{r@{:}l} - \node & \forest \ra \tree\\ - \emptyf & \forest\\ - \consf & \tree \ra \forest \ra \forest\\ - \end{array}\right]} - \vskip.5em -\end{latexonly} -\begin{rawhtml}<pre><table style="border-spacing:0"> - <tr style="vertical-align:middle"> - <td style="width:10pt;text-align:center;font-family:sans-serif;font-style:italic">Ind</td> - <td style="width:20pt;text-align:center">[1]</td> - <td style="width:5pt;text-align:center">⎛<br>⎜<br>⎝</td> - <td style="width:10pt;text-align:center">⎡<br>⎣</td> - <td> - <table style="border-spacing:0"> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">tree</td> - <td style="width:20pt;text-align:center;font-family:monospace">:</td> - <td style="text-align:left;font-family:monospace">Set</td> - </tr> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">forest</td> - <td style="width:20pt;text-align:center;font-family:monospace">:</td> - <td style="text-align:left;font-family:monospace">Set</td> - </tr> - </table> - </td> - <td style="width:10pt;text-align:center">⎤<br>⎦</td> - <td style="width:20pt;text-align:center;font-family:monospace">:=</td> - <td style="width:10pt;text-align:center">⎡<br>⎢<br>⎣</td> - <td> - <table style="border-spacing:0"> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">node</td> - <td style="width:20pt;text-align:center;font-family:monospace">:</td> - <td style="text-align:left;font-family:monospace">forest → tree</td> - </tr> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">emptyf</td> - <td style="width:20pt;text-align:center;font-family:monospace">:</td> - <td style="text-align:left;font-family:monospace">forest</td> - </tr> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">consf</td> - <td style="width:20pt;text-align:center;font-family:monospace">:</td> - <td style="text-align:left;font-family:monospace">tree → forest → forest</td> - </tr> - </table> - </td> - <td style="width:10pt;text-align:center">⎤<br>⎥<br>⎦</td> - <td style="width:5pt;text-align:center">⎞<br>⎟<br>⎠</td> - </tr> -</table></pre> -\end{rawhtml} -\noindent which corresponds to the result of the \Coq\ -declaration: -\begin{coq_example*} -Inductive tree : Set := - node : forest -> tree -with forest : Set := - | emptyf : forest - | consf : tree -> forest -> forest. -\end{coq_example*} - -\noindent The declaration for a mutual inductive definition of {\even} and {\odd} is: -\begin{latexonly} - \newcommand\GammaI{\left[\begin{array}{r@{:}l} - \even & \nat\ra\Prop \\ - \odd & \nat\ra\Prop - \end{array} - \right]} - \newcommand\GammaC{\left[\begin{array}{r@{:}l} - \evenO & \even~\nO \\ - \evenS & \forall n : \nat, \odd~n \ra \even~(\nS~n)\\ - \oddS & \forall n : \nat, \even~n \ra \odd~(\nS~n) - \end{array} - \right]} - \vskip.5em - \ind{1}{\GammaI}{\GammaC} - \vskip.5em -\end{latexonly} -\begin{rawhtml}<pre><table style="border-spacing:0"> - <tr style="vertical-align:middle"> - <td style="width:10pt;text-align:center;font-family:sans-serif;font-style:italic">Ind</td> - <td style="width:20pt;text-align:center">[1]</td> - <td style="width:5pt;text-align:center">⎛<br>⎜<br>⎝</td> - <td style="width:10pt;text-align:center">⎡<br>⎣</td> - <td> - <table style="border-spacing:0"> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">even</td> - <td style="width:20pt;text-align:center;font-family:monospace">:</td> - <td style="text-align:left;font-family:monospace">nat → Prop</td> - </tr> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">odd</td> - <td style="width:20pt;text-align:center;font-family:monospace">:</td> - <td style="text-align:left;font-family:monospace">nat → Prop</td> - </tr> - </table> - </td> - <td style="width:10pt;text-align:center">⎤<br>⎦</td> - <td style="width:20pt;text-align:center;font-family:monospace">:=</td> - <td style="width:10pt;text-align:center">⎡<br>⎢<br>⎣</td> - <td> - <table style="border-spacing:0"> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">even_O</td> - <td style="width:20pt;text-align:center;font-family:monospace">:</td> - <td style="text-align:left;font-family:monospace">even O</td> - </tr> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">even_S</td> - <td style="width:20pt;text-align:center;font-family:monospace">:</td> - <td style="text-align:left;font-family:monospace">∀n : nat, odd n → even (S n)</td> - </tr> - <tr> - <td style="width:20pt;text-align:right;font-family:monospace">odd_S</td> - <td style="width:20pt;text-align:center;font-family:monospace">:</td> - <td style="text-align:left;font-family:monospace">∀n : nat, even n → odd (S n)</td> - </tr> - </table> - </td> - <td style="width:10pt;text-align:center">⎤<br>⎥<br>⎦</td> - <td style="width:5pt;text-align:center">⎞<br>⎟<br>⎠</td> - </tr> -</table></pre> -\end{rawhtml} -\noindent which corresponds to the result of the \Coq\ -declaration: -\begin{coq_example*} -Inductive even : nat -> Prop := - | even_O : even 0 - | even_S : forall n, odd n -> even (S n) -with odd : nat -> Prop := - | odd_S : forall n, even n -> odd (S n). -\end{coq_example*} - -\subsection{Types of inductive objects} -We have to give the type of constants in a global environment $E$ which -contains an inductive declaration. - -\begin{description} -\item[Ind] \index{Typing rules!Ind} - \inference{\frac{\WFE{\Gamma}~~~~~~~~\Ind{}{p}{\Gamma_I}{\Gamma_C} \in E~~~~~~~~(a:A)\in\Gamma_I}{\WTEG{a}{A}}} -\item[Constr] \index{Typing rules!Constr} - \inference{\frac{\WFE{\Gamma}~~~~~~~~\Ind{}{p}{\Gamma_I}{\Gamma_C} \in E~~~~~~~~(c:C)\in\Gamma_C}{\WTEG{c}{C}}} -\end{description} - -\begin{latexonly}% -\paragraph{Example.} -Provided that our environment $E$ contains inductive definitions we showed before, -these two inference rules above enable us to conclude that: -\vskip.5em -\newcommand\prefix{E[\Gamma]\vdash\hskip.25em} -$\begin{array}{@{}l} - \prefix\even : \nat\ra\Prop\\ - \prefix\odd : \nat\ra\Prop\\ - \prefix\evenO : \even~\nO\\ - \prefix\evenS : \forall~n:\nat, \odd~n \ra \even~(\nS~n)\\ - \prefix\oddS : \forall~n:\nat, \even~n \ra \odd~(\nS~n) - \end{array}$ -\end{latexonly}% - -%\paragraph{Parameters.} -%%The parameters introduce a distortion between the inside specification -%%of the inductive declaration where parameters are supposed to be -%%instantiated (this representation is appropriate for checking the -%%correctness or deriving the destructor principle) and the outside -%%typing rules where the inductive objects are seen as objects -%%abstracted with respect to the parameters. - -%In the definition of \List\ or \haslength\, $A$ is a parameter because -%what is effectively inductively defined is $\ListA$ or $\haslengthA$ for -%a given $A$ which is constant in the type of constructors. But when -%we define $(\haslengthA~l~n)$, $l$ and $n$ are not parameters because the -%constructors manipulate different instances of this family. - -\subsection{Well-formed inductive definitions} -We cannot accept any inductive declaration because some of them lead -to inconsistent systems. -We restrict ourselves to definitions which -satisfy a syntactic criterion of positivity. Before giving the formal -rules, we need a few definitions: - -\paragraph[Definition]{Definition\index{Arity}\label{Arity}} -A type $T$ is an {\em arity of sort $s$} if it converts -to the sort $s$ or to a product $\forall~x:T,U$ with $U$ an arity -of sort $s$. - -\paragraph[Examples]{Examples} -$A\ra \Set$ is an arity of sort $\Set$. -$\forall~A:\Prop,A\ra \Prop$ is an arity of sort \Prop. - -\paragraph[Definition]{Definition} -A type $T$ is an {\em arity} if there is a $s\in\Sort$ -such that $T$ is an arity of sort $s$. - -\paragraph[Examples]{Examples} -$A\ra \Set$ and $\forall~A:\Prop,A\ra \Prop$ are arities. - -\paragraph[Definition]{Definition\index{type of constructor}} -We say that $T$ is a {\em type of constructor of $I$\index{type of constructor}} -in one of the following two cases: -\begin{itemize} - \item $T$ is $(I~t_1\ldots ~t_n)$ - \item $T$ is $\forall x:U,T^\prime$ where $T^\prime$ is also a type of constructor of $I$ -\end{itemize} - -\paragraph[Examples]{Examples} -$\nat$ and $\nat\ra\nat$ are types of constructors of $\nat$.\\ -$\forall A:\Type,\List~A$ and $\forall A:\Type,A\ra\List~A\ra\List~A$ are constructors of $\List$. - -\paragraph[Definition]{Definition\index{Positivity}\label{Positivity}} -The type of constructor $T$ will be said to {\em satisfy the positivity -condition} for a constant $X$ in the following cases: - -\begin{itemize} -\item $T=(X~t_1\ldots ~t_n)$ and $X$ does not occur free in -any $t_i$ -\item $T=\forall~x:U,V$ and $X$ occurs only strictly positively in $U$ and -the type $V$ satisfies the positivity condition for $X$ -\end{itemize} -% -The constant $X$ {\em occurs strictly positively} in $T$ in the -following cases: -% -\begin{itemize} -\item $X$ does not occur in $T$ -\item $T$ converts to $(X~t_1 \ldots ~t_n)$ and $X$ does not occur in - any of $t_i$ -\item $T$ converts to $\forall~x:U,V$ and $X$ does not occur in - type $U$ but occurs strictly positively in type $V$ -\item $T$ converts to $(I~a_1 \ldots ~a_m ~ t_1 \ldots ~t_p)$ where - $I$ is the name of an inductive declaration of the form - $\Ind{\Gamma}{m}{I:A}{c_1:\forall p_1:P_1,\ldots \forall - p_m:P_m,C_1;\ldots;c_n:\forall p_1:P_1,\ldots \forall - p_m:P_m,C_n}$ - (in particular, it is not mutually defined and it has $m$ - parameters) and $X$ does not occur in any of the $t_i$, and the - (instantiated) types of constructor $C_i\{p_j/a_j\}_{j=1\ldots m}$ - of $I$ satisfy - the nested positivity condition for $X$ -%\item more generally, when $T$ is not a type, $X$ occurs strictly -%positively in $T[x:U]u$ if $X$ does not occur in $U$ but occurs -%strictly positively in $u$ -\end{itemize} -% -The type of constructor $T$ of $I$ {\em satisfies the nested -positivity condition} for a constant $X$ in the following -cases: - -\begin{itemize} -\item $T=(I~b_1\ldots b_m~u_1\ldots ~u_{p})$, $I$ is an inductive - definition with $m$ parameters and $X$ does not occur in -any $u_i$ -\item $T=\forall~x:U,V$ and $X$ occurs only strictly positively in $U$ and -the type $V$ satisfies the nested positivity condition for $X$ -\end{itemize} - -\newcommand\vv{\textSFxi} % │ -\newcommand\hh{\textSFx} % ─ -\newcommand\vh{\textSFviii} % ├ -\newcommand\hv{\textSFii} % └ -\newlength\framecharacterwidth -\settowidth\framecharacterwidth{\hh} -\newcommand\ws{\hbox{}\hskip\the\framecharacterwidth} -\newcommand\ruleref[1]{\hskip.25em\dots\hskip.2em{\em (bullet #1)}} -\newcommand{\NatTree}{\mbox{\textsf{nattree}}} -\newcommand{\NatTreeA}{\mbox{\textsf{nattree}}~\ensuremath{A}} -\newcommand{\cnode}{\mbox{\textsf{node}}} -\newcommand{\cleaf}{\mbox{\textsf{leaf}}} - -\noindent For instance, if one considers the following variant of a tree type branching over the natural numbers - -\begin{verbatim} -Inductive nattree (A:Type) : Type := - | leaf : nattree A - | node : A -> (nat -> nattree A) -> nattree A -\end{verbatim} - -\begin{latexonly} -\noindent Then every instantiated constructor of $\NatTreeA$ satisfies the nested positivity condition for $\NatTree$\\ -\noindent -\ws\ws\vv\\ -\ws\ws\vh\hh\ws concerning type $\NatTreeA$ of constructor $\cleaf$:\\ -\ws\ws\vv\ws\ws\ws\ws Type $\NatTreeA$ of constructor $\cleaf$ satisfies the positivity condition for $\NatTree$\\ -\ws\ws\vv\ws\ws\ws\ws because $\NatTree$ does not appear in any (real) arguments of the type of that constructor\\ -\ws\ws\vv\ws\ws\ws\ws (primarily because $\NatTree$ does not have any (real) arguments)\ruleref1\\ -\ws\ws\vv\\ -\ws\ws\hv\hh\ws concerning type $\forall~A\ra(\NN\ra\NatTreeA)\ra\NatTreeA$ of constructor $\cnode$:\\ - \ws\ws\ws\ws\ws\ws\ws Type $\forall~A:\Type,A\ra(\NN\ra\NatTreeA)\ra\NatTreeA$ of constructor $\cnode$\\ -\ws\ws\ws\ws\ws\ws\ws satisfies the positivity condition for $\NatTree$ because:\\ -\ws\ws\ws\ws\ws\ws\ws\vv\\ -\ws\ws\ws\ws\ws\ws\ws\vh\hh\ws $\NatTree$ occurs only strictly positively in $\Type$\ruleref1\\ -\ws\ws\ws\ws\ws\ws\ws\vv\\ -\ws\ws\ws\ws\ws\ws\ws\vh\hh\ws $\NatTree$ occurs only strictly positively in $A$\ruleref1\\ -\ws\ws\ws\ws\ws\ws\ws\vv\\ - \ws\ws\ws\ws\ws\ws\ws\vh\hh\ws $\NatTree$ occurs only strictly positively in $\NN\ra\NatTreeA$\ruleref{3+2}\\ -\ws\ws\ws\ws\ws\ws\ws\vv\\ -\ws\ws\ws\ws\ws\ws\ws\hv\hh\ws $\NatTree$ satisfies the positivity condition for $\NatTreeA$\ruleref1 -\end{latexonly} -\begin{rawhtml} -<pre> -<span style="font-family:serif">Then every instantiated constructor of <span style="font-family:monospace">nattree A</span> satisfies the nested positivity condition for <span style="font-family:monospace">nattree</span></span> - │ - ├─ <span style="font-family:serif">concerning type <span style="font-family:monospace">nattree A</span> of constructor <span style="font-family:monospace">nil</span>:</span> - │ <span style="font-family:serif">Type <span style="font-family:monospace">nattree A</span> of constructor <span style="font-family:monospace">nil</span> satisfies the positivity condition for <span style="font-family:monospace">nattree</span></span> - │ <span style="font-family:serif">because <span style="font-family:monospace">nattree</span> does not appear in any (real) arguments of the type of that constructor</span> - │ <span style="font-family:serif">(primarily because nattree does not have any (real) arguments) ... <span style="font-style:italic">(bullet 1)</span></span> - │ - ╰─ <span style="font-family:serif">concerning type <span style="font-family:monospace">∀ A → (nat → nattree A) → nattree A</span> of constructor <span style="font-family:monospace">cons</span>:</span> - <span style="font-family:serif">Type <span style="font-family:monospace">∀ A : Type, A → (nat → nattree A) → nattree A</span> of constructor <span style="font-family:monospace">cons</span></span> - <span style="font-family:serif">satisfies the positivity condition for <span style="font-family:monospace">nattree</span> because:</span> - │ - ├─ <span style="font-family:serif"><span style="font-family:monospace">nattree</span> occurs only strictly positively in <span style="font-family:monospace">Type</span> ... <span style="font-style:italic">(bullet 1)</span></span> - │ - ├─ <span style="font-family:serif"><span style="font-family:monospace">nattree</span> occurs only strictly positively in <span style="font-family:monospace">A</span> ... <span style="font-style:italic">(bullet 1)</span></span> - │ - ├─ <span style="font-family:serif"><span style="font-family:monospace">nattree</span> occurs only strictly positively in <span style="font-family:monospace">nat → nattree A</span> ... <span style="font-style:italic">(bullet 3+2)</span></span> - │ - ╰─ <span style="font-family:serif"><span style="font-family:monospace">nattree</span> satisfies the positivity condition for <span style="font-family:monospace">nattree A</span> ... <span style="font-style:italic">(bullet 1)</span></span> -</pre> -\end{rawhtml} - -\paragraph{Correctness rules.} -We shall now describe the rules allowing the introduction of a new -inductive definition. - -\begin{description} -\item[W-Ind] Let $E$ be a global environment and - $\Gamma_P,\Gamma_I,\Gamma_C$ are contexts such that - $\Gamma_I$ is $[I_1:\forall \Gamma_P,A_1;\ldots;I_k:\forall - \Gamma_P,A_k]$ and $\Gamma_C$ is - $[c_1:\forall \Gamma_P,C_1;\ldots;c_n:\forall \Gamma_P,C_n]$. -\inference{ - \frac{ - (\WTE{\Gamma_P}{A_j}{s'_j})_{j=1\ldots k} - ~~~~~~~~ (\WTE{\Gamma_I;\Gamma_P}{C_i}{s_{q_i}})_{i=1\ldots n} -} - {\WF{E;\Ind{}{p}{\Gamma_I}{\Gamma_C}}{\Gamma}}} -provided that the following side conditions hold: -\begin{itemize} -\item $k>0$ and all of $I_j$ and $c_i$ are distinct names for $j=1\ldots k$ and $i=1\ldots n$, -\item $p$ is the number of parameters of \NInd{}{\Gamma_I}{\Gamma_C} - and $\Gamma_P$ is the context of parameters, -\item for $j=1\ldots k$ we have that $A_j$ is an arity of sort $s_j$ and $I_j - \notin E$, -\item for $i=1\ldots n$ we have that $C_i$ is a type of constructor of - $I_{q_i}$ which satisfies the positivity condition for $I_1 \ldots I_k$ - and $c_i \notin \Gamma \cup E$. -\end{itemize} -\end{description} -One can remark that there is a constraint between the sort of the -arity of the inductive type and the sort of the type of its -constructors which will always be satisfied for the impredicative sort -{\Prop} but may fail to define inductive definition -on sort \Set{} and generate constraints between universes for -inductive definitions in the {\Type} hierarchy. - -\paragraph{Examples.} -It is well known that existential quantifier can be encoded as an -inductive definition. -The following declaration introduces the second-order existential -quantifier $\exists X.P(X)$. -\begin{coq_example*} -Inductive exProp (P:Prop->Prop) : Prop := - exP_intro : forall X:Prop, P X -> exProp P. -\end{coq_example*} -The same definition on \Set{} is not allowed and fails: -% (********** The following is not correct and should produce **********) -% (*** Error: Large non-propositional inductive types must be in Type***) -\begin{coq_example} -Fail Inductive exSet (P:Set->Prop) : Set := - exS_intro : forall X:Set, P X -> exSet P. -\end{coq_example} -It is possible to declare the same inductive definition in the -universe \Type. -The \texttt{exType} inductive definition has type $(\Type_i \ra\Prop)\ra -\Type_j$ with the constraint that the parameter \texttt{X} of \texttt{exT\_intro} has type $\Type_k$ with $k<j$ and $k\leq i$. -\begin{coq_example*} -Inductive exType (P:Type->Prop) : Type := - exT_intro : forall X:Type, P X -> exType P. -\end{coq_example*} -%We shall assume for the following definitions that, if necessary, we -%annotated the type of constructors such that we know if the argument -%is recursive or not. We shall write the type $(x:_R T)C$ if it is -%a recursive argument and $(x:_P T)C$ if the argument is not recursive. - -\paragraph[Template polymorphism.]{Template polymorphism.\index{Template polymorphism}} -\label{Template-polymorphism} - -Inductive types declared in {\Type} are -polymorphic over their arguments in {\Type}. -If $A$ is an arity of some sort and $s$ is a sort, we write $A_{/s}$ for the arity -obtained from $A$ by replacing its sort with $s$. Especially, if $A$ -is well-typed in some global environment and local context, then $A_{/s}$ is typable -by typability of all products in the Calculus of Inductive Constructions. -The following typing rule is added to the theory. - -\begin{description} -\item[Ind-Family] Let $\Ind{}{p}{\Gamma_I}{\Gamma_C}$ be an - inductive definition. Let $\Gamma_P = [p_1:P_1;\ldots;p_{p}:P_{p}]$ - be its context of parameters, $\Gamma_I = [I_1:\forall - \Gamma_P,A_1;\ldots;I_k:\forall \Gamma_P,A_k]$ its context of - definitions and $\Gamma_C = [c_1:\forall - \Gamma_P,C_1;\ldots;c_n:\forall \Gamma_P,C_n]$ its context of - constructors, with $c_i$ a constructor of $I_{q_i}$. - - Let $m \leq p$ be the length of the longest prefix of parameters - such that the $m$ first arguments of all occurrences of all $I_j$ in - all $C_k$ (even the occurrences in the hypotheses of $C_k$) are - exactly applied to $p_1~\ldots~p_m$ ($m$ is the number of {\em - recursively uniform parameters} and the $p-m$ remaining parameters - are the {\em recursively non-uniform parameters}). Let $q_1$, - \ldots, $q_r$, with $0\leq r\leq m$, be a (possibly) partial - instantiation of the recursively uniform parameters of - $\Gamma_P$. We have: - -\inference{\frac -{\left\{\begin{array}{l} -\Ind{}{p}{\Gamma_I}{\Gamma_C} \in E\\ -(E[] \vdash q_l : P'_l)_{l=1\ldots r}\\ -(\WTELECONV{}{P'_l}{\subst{P_l}{p_u}{q_u}_{u=1\ldots l-1}})_{l=1\ldots r}\\ -1 \leq j \leq k -\end{array} -\right.} -{E[] \vdash I_j\,q_1\,\ldots\,q_r:\forall [p_{r+1}:P_{r+1};\ldots;p_{p}:P_{p}], (A_j)_{/s_j}} -} - -provided that the following side conditions hold: - -\begin{itemize} -\item $\Gamma_{P'}$ is the context obtained from $\Gamma_P$ by -replacing each $P_l$ that is an arity with $P'_l$ for $1\leq l \leq r$ (notice that -$P_l$ arity implies $P'_l$ arity since $\WTELECONV{}{P'_l}{ \subst{P_l}{p_u}{q_u}_{u=1\ldots l-1}}$); -\item there are sorts $s_i$, for $1 \leq i \leq k$ such that, for - $\Gamma_{I'} = [I_1:\forall - \Gamma_{P'},(A_1)_{/s_1};\ldots;I_k:\forall \Gamma_{P'},(A_k)_{/s_k}]$ -we have $(\WTE{\Gamma_{I'};\Gamma_{P'}}{C_i}{s_{q_i}})_{i=1\ldots n}$; -\item the sorts $s_i$ are such that all eliminations, to {\Prop}, {\Set} and - $\Type(j)$, are allowed (see Section~\ref{allowedeleminationofsorts}). -\end{itemize} -\end{description} -% -Notice that if $I_j\,q_1\,\ldots\,q_r$ is typable using the rules {\bf -Ind-Const} and {\bf App}, then it is typable using the rule {\bf -Ind-Family}. Conversely, the extended theory is not stronger than the -theory without {\bf Ind-Family}. We get an equiconsistency result by -mapping each $\Ind{}{p}{\Gamma_I}{\Gamma_C}$ occurring into a -given derivation into as many different inductive types and constructors -as the number of different (partial) replacements of sorts, needed for -this derivation, in the parameters that are arities (this is possible -because $\Ind{}{p}{\Gamma_I}{\Gamma_C}$ well-formed implies -that $\Ind{}{p}{\Gamma_{I'}}{\Gamma_{C'}}$ is well-formed and -has the same allowed eliminations, where -$\Gamma_{I'}$ is defined as above and $\Gamma_{C'} = [c_1:\forall -\Gamma_{P'},C_1;\ldots;c_n:\forall \Gamma_{P'},C_n]$). That is, -the changes in the types of each partial instance -$q_1\,\ldots\,q_r$ can be characterized by the ordered sets of arity -sorts among the types of parameters, and to each signature is -associated a new inductive definition with fresh names. Conversion is -preserved as any (partial) instance $I_j\,q_1\,\ldots\,q_r$ or -$C_i\,q_1\,\ldots\,q_r$ is mapped to the names chosen in the specific -instance of $\Ind{}{p}{\Gamma_I}{\Gamma_C}$. - -\newcommand{\Single}{\mbox{\textsf{Set}}} - -In practice, the rule {\bf Ind-Family} is used by {\Coq} only when all the -inductive types of the inductive definition are declared with an arity whose -sort is in the $\Type$ -hierarchy. Then, the polymorphism is over the parameters whose -type is an arity of sort in the {\Type} hierarchy. -The sort $s_j$ are -chosen canonically so that each $s_j$ is minimal with respect to the -hierarchy ${\Prop}\subset{\Set_p}\subset\Type$ where $\Set_p$ is -predicative {\Set}. -%and ${\Prop_u}$ is the sort of small singleton -%inductive types (i.e. of inductive types with one single constructor -%and that contains either proofs or inhabitants of singleton types -%only). -More precisely, an empty or small singleton inductive definition -(i.e. an inductive definition of which all inductive types are -singleton -- see paragraph~\ref{singleton}) is set in -{\Prop}, a small non-singleton inductive type is set in {\Set} (even -in case {\Set} is impredicative -- see Section~\ref{impredicativity}), -and otherwise in the {\Type} hierarchy. - -Note that the side-condition about allowed elimination sorts in the -rule~{\bf Ind-Family} is just to avoid to recompute the allowed -elimination sorts at each instance of a pattern-matching (see -section~\ref{elimdep}). -As an example, let us consider the following definition: -\begin{coq_example*} -Inductive option (A:Type) : Type := -| None : option A -| Some : A -> option A. -\end{coq_example*} -% -As the definition is set in the {\Type} hierarchy, it is used -polymorphically over its parameters whose types are arities of a sort -in the {\Type} hierarchy. Here, the parameter $A$ has this property, -hence, if \texttt{option} is applied to a type in {\Set}, the result is -in {\Set}. Note that if \texttt{option} is applied to a type in {\Prop}, -then, the result is not set in \texttt{Prop} but in \texttt{Set} -still. This is because \texttt{option} is not a singleton type (see -section~\ref{singleton}) and it would lose the elimination to {\Set} and -{\Type} if set in {\Prop}. - -\begin{coq_example} -Check (fun A:Set => option A). -Check (fun A:Prop => option A). -\end{coq_example} -% -Here is another example. -% -\begin{coq_example*} -Inductive prod (A B:Type) : Type := pair : A -> B -> prod A B. -\end{coq_example*} -% -As \texttt{prod} is a singleton type, it will be in {\Prop} if applied -twice to propositions, in {\Set} if applied twice to at least one type -in {\Set} and none in {\Type}, and in {\Type} otherwise. In all cases, -the three kind of eliminations schemes are allowed. - -\begin{coq_example} -Check (fun A:Set => prod A). -Check (fun A:Prop => prod A A). -Check (fun (A:Prop) (B:Set) => prod A B). -Check (fun (A:Type) (B:Prop) => prod A B). -\end{coq_example} - -\Rem Template polymorphism used to be called ``sort-polymorphism of -inductive types'' before universe polymorphism (see -Chapter~\ref{Universes-full}) was introduced. - -\subsection{Destructors} -The specification of inductive definitions with arities and -constructors is quite natural. But we still have to say how to use an -object in an inductive type. - -This problem is rather delicate. There are actually several different -ways to do that. Some of them are logically equivalent but not always -equivalent from the computational point of view or from the user point -of view. - -From the computational point of view, we want to be able to define a -function whose domain is an inductively defined type by using a -combination of case analysis over the possible constructors of the -object and recursion. - -Because we need to keep a consistent theory and also we prefer to keep -a strongly normalizing reduction, we cannot accept any sort of -recursion (even terminating). So the basic idea is to restrict -ourselves to primitive recursive functions and functionals. - -For instance, assuming a parameter $A:\Set$ exists in the local context, we -want to build a function \length\ of type $\ListA\ra \nat$ which -computes the length of the list, so such that $(\length~(\Nil~A)) = \nO$ -and $(\length~(\cons~A~a~l)) = (\nS~(\length~l))$. We want these -equalities to be recognized implicitly and taken into account in the -conversion rule. - -From the logical point of view, we have built a type family by giving -a set of constructors. We want to capture the fact that we do not -have any other way to build an object in this type. So when trying to -prove a property about an object $m$ in an inductive definition it is -enough to enumerate all the cases where $m$ starts with a different -constructor. - -In case the inductive definition is effectively a recursive one, we -want to capture the extra property that we have built the smallest -fixed point of this recursive equation. This says that we are only -manipulating finite objects. This analysis provides induction -principles. -For instance, in order to prove $\forall l:\ListA,(\haslengthA~l~(\length~l))$ -it is enough to prove: -% -\begin{itemize} - \item $(\haslengthA~(\Nil~A)~(\length~(\Nil~A)))$ - \item $\forall a:A, \forall l:\ListA, (\haslengthA~l~(\length~l)) \ra\\ - \ra (\haslengthA~(\cons~A~a~l)~(\length~(\cons~A~a~l)))$ -\end{itemize} -% -which given the conversion equalities satisfied by \length\ is the -same as proving: -% -\begin{itemize} - \item $(\haslengthA~(\Nil~A)~\nO)$ - \item $\forall a:A, \forall l:\ListA, (\haslengthA~l~(\length~l)) \ra\\ - \ra (\haslengthA~(\cons~A~a~l)~(\nS~(\length~l)))$ -\end{itemize} -% -One conceptually simple way to do that, following the basic scheme -proposed by Martin-L\"of in his Intuitionistic Type Theory, is to -introduce for each inductive definition an elimination operator. At -the logical level it is a proof of the usual induction principle and -at the computational level it implements a generic operator for doing -primitive recursion over the structure. - -But this operator is rather tedious to implement and use. We choose in -this version of {\Coq} to factorize the operator for primitive recursion -into two more primitive operations as was first suggested by Th. Coquand -in~\cite{Coq92}. One is the definition by pattern-matching. The second one is a definition by guarded fixpoints. - -\subsubsection[The {\tt match\ldots with \ldots end} construction.]{The {\tt match\ldots with \ldots end} construction.\label{Caseexpr} -\index{match@{\tt match\ldots with\ldots end}}} - -The basic idea of this operator is that we have an object -$m$ in an inductive type $I$ and we want to prove a property -which possibly depends on $m$. For this, it is enough to prove the -property for $m = (c_i~u_1\ldots u_{p_i})$ for each constructor of $I$. -The \Coq{} term for this proof will be written: -\[\kw{match}~m~\kw{with}~ (c_1~x_{11}~...~x_{1p_1}) \Ra f_1 ~|~\ldots~|~ - (c_n~x_{n1}~...~x_{np_n}) \Ra f_n~ \kw{end}\] -In this expression, if -$m$ eventually happens to evaluate to $(c_i~u_1\ldots u_{p_i})$ then -the expression will behave as specified in its $i$-th branch and -it will reduce to $f_i$ where the $x_{i1}$\ldots $x_{ip_i}$ are replaced -by the $u_1\ldots u_{p_i}$ according to the $\iota$-reduction. - -Actually, for type-checking a \kw{match\ldots with\ldots end} -expression we also need to know the predicate $P$ to be proved by case -analysis. In the general case where $I$ is an inductively defined -$n$-ary relation, $P$ is a predicate over $n+1$ arguments: the $n$ first ones -correspond to the arguments of $I$ (parameters excluded), and the last -one corresponds to object $m$. \Coq{} can sometimes infer this -predicate but sometimes not. The concrete syntax for describing this -predicate uses the \kw{as\ldots in\ldots return} construction. For -instance, let us assume that $I$ is an unary predicate with one -parameter and one argument. The predicate is made explicit using the syntax: -\[\kw{match}~m~\kw{as}~ x~ \kw{in}~ I~\verb!_!~a~ \kw{return}~ P - ~\kw{with}~ (c_1~x_{11}~...~x_{1p_1}) \Ra f_1 ~|~\ldots~|~ - (c_n~x_{n1}~...~x_{np_n}) \Ra f_n \kw{end}\] -The \kw{as} part can be omitted if either the result type does not -depend on $m$ (non-dependent elimination) or $m$ is a variable (in -this case, $m$ can occur in $P$ where it is considered a bound variable). -The \kw{in} part can be -omitted if the result type does not depend on the arguments of -$I$. Note that the arguments of $I$ corresponding to parameters -\emph{must} be \verb!_!, because the result type is not generalized to -all possible values of the parameters. -The other arguments of $I$ -(sometimes called indices in the literature) -% NOTE: e.g. http://www.qatar.cmu.edu/~sacchini/papers/types08.pdf -have to be variables -($a$ above) and these variables can occur in $P$. -The expression after \kw{in} -must be seen as an \emph{inductive type pattern}. Notice that -expansion of implicit arguments and notations apply to this pattern. -% -For the purpose of presenting the inference rules, we use a more -compact notation: -\[ \Case{(\lb a x \mto P)}{m}{ \lb x_{11}~...~x_{1p_1} \mto f_1 ~|~\ldots~|~ - \lb x_{n1}...x_{np_n} \mto f_n}\] - -%% CP 06/06 Obsolete avec la nouvelle syntaxe et incompatible avec la -%% presentation theorique qui suit -% \paragraph{Non-dependent elimination.} -% -% When defining a function of codomain $C$ by case analysis over an -% object in an inductive type $I$, we build an object of type $I -% \ra C$. The minimality principle on an inductively defined logical -% predicate $I$ of type $A \ra \Prop$ is often used to prove a property -% $\forall x:A,(I~x)\ra (C~x)$. These are particular cases of the dependent -% principle that we stated before with a predicate which does not depend -% explicitly on the object in the inductive definition. - -% For instance, a function testing whether a list is empty -% can be -% defined as: -% \[\kw{fun} l:\ListA \Ra \kw{match}~l~\kw{with}~ \Nil \Ra \true~ -% |~(\cons~a~m) \Ra \false \kw{end}\] -% represented by -% \[\lb l:\ListA \mto\Case{\bool}{l}{\true~ |~ \lb a~m,~\false}\] -%\noindent {\bf Remark. } - -% In the system \Coq\ the expression above, can be -% written without mentioning -% the dummy abstraction: -% \Case{\bool}{l}{\Nil~ \mbox{\tt =>}~\true~ |~ (\cons~a~m)~ -% \mbox{\tt =>}~ \false} - -\paragraph[Allowed elimination sorts.]{Allowed elimination sorts.\index{Elimination sorts}} -\label{allowedeleminationofsorts} - -An important question for building the typing rule for \kw{match} is -what can be the type of $\lb a x \mto P$ with respect to the type of $m$. If -$m:I$ and -$I:A$ and -$\lb a x \mto P : B$ -then by \compat{I:A}{B} we mean that one can use $\lb a x \mto P$ with $m$ in the above -match-construct. - -\paragraph{Notations.} -The \compat{I:A}{B} is defined as the smallest relation satisfying the -following rules: -We write \compat{I}{B} for \compat{I:A}{B} where $A$ is the type of -$I$. - -The case of inductive definitions in sorts \Set\ or \Type{} is simple. -There is no restriction on the sort of the predicate to be -eliminated. -% -\begin{description} -\item[Prod] \inference{\frac{\compat{(I~x):A'}{B'}} - {\compat{I:\forall x:A, A'}{\forall x:A, B'}}} -\item[{\Set} \& \Type] \inference{\frac{ - s_1 \in \{\Set,\Type(j)\}~~~~~~~~s_2 \in \Sort}{\compat{I:s_1}{I\ra s_2}}} -\end{description} -% -The case of Inductive definitions of sort \Prop{} is a bit more -complicated, because of our interpretation of this sort. The only -harmless allowed elimination, is the one when predicate $P$ is also of -sort \Prop. -\begin{description} -\item[\Prop] \inference{\compat{I:\Prop}{I\ra\Prop}} -\end{description} -\Prop{} is the type of logical propositions, the proofs of properties -$P$ in \Prop{} could not be used for computation and are consequently -ignored by the extraction mechanism. -Assume $A$ and $B$ are two propositions, and the logical disjunction -$A\vee B$ is defined inductively by: -\begin{coq_example*} -Inductive or (A B:Prop) : Prop := - or_introl : A -> or A B | or_intror : B -> or A B. -\end{coq_example*} -The following definition which computes a boolean value by case over -the proof of \texttt{or A B} is not accepted: -% (***************************************************************) -% (*** This example should fail with ``Incorrect elimination'' ***) -\begin{coq_example} -Fail Definition choice (A B: Prop) (x:or A B) := - match x with or_introl _ _ a => true | or_intror _ _ b => false end. -\end{coq_example} -From the computational point of view, the structure of the proof of -\texttt{(or A B)} in this term is needed for computing the boolean -value. - -In general, if $I$ has type \Prop\ then $P$ cannot have type $I\ra -\Set$, because it will mean to build an informative proof of type -$(P~m)$ doing a case analysis over a non-computational object that -will disappear in the extracted program. But the other way is safe -with respect to our interpretation we can have $I$ a computational -object and $P$ a non-computational one, it just corresponds to proving -a logical property of a computational object. - -% Also if $I$ is in one of the sorts \{\Prop, \Set\}, one cannot in -% general allow an elimination over a bigger sort such as \Type. But -% this operation is safe whenever $I$ is a {\em small inductive} type, -% which means that all the types of constructors of -% $I$ are small with the following definition:\\ -% $(I~t_1\ldots t_s)$ is a {\em small type of constructor} and -% $\forall~x:T,C$ is a small type of constructor if $C$ is and if $T$ -% has type \Prop\ or \Set. \index{Small inductive type} - -% We call this particular elimination which gives the possibility to -% compute a type by induction on the structure of a term, a {\em strong -% elimination}\index{Strong elimination}. - -In the same spirit, elimination on $P$ of type $I\ra -\Type$ cannot be allowed because it trivially implies the elimination -on $P$ of type $I\ra \Set$ by cumulativity. It also implies that there -are two proofs of the same property which are provably different, -contradicting the proof-irrelevance property which is sometimes a -useful axiom: -\begin{coq_example} -Axiom proof_irrelevance : forall (P : Prop) (x y : P), x=y. -\end{coq_example} -\begin{coq_eval} -Reset proof_irrelevance. -\end{coq_eval} -The elimination of an inductive definition of type \Prop\ on a -predicate $P$ of type $I\ra \Type$ leads to a paradox when applied to -impredicative inductive definition like the second-order existential -quantifier \texttt{exProp} defined above, because it give access to -the two projections on this type. - -%\paragraph{Warning: strong elimination} -%\index{Elimination!Strong elimination} -%In previous versions of Coq, for a small inductive definition, only the -%non-informative strong elimination on \Type\ was allowed, because -%strong elimination on \Typeset\ was not compatible with the current -%extraction procedure. In this version, strong elimination on \Typeset\ -%is accepted but a dummy element is extracted from it and may generate -%problems if extracted terms are explicitly used such as in the -%{\tt Program} tactic or when extracting ML programs. - -\paragraph[Empty and singleton elimination]{Empty and singleton elimination\label{singleton} -\index{Elimination!Singleton elimination} -\index{Elimination!Empty elimination}} - -There are special inductive definitions in \Prop\ for which more -eliminations are allowed. -\begin{description} -\item[\Prop-extended] -\inference{ - \frac{I \mbox{~is an empty or singleton - definition}~~~s \in \Sort}{\compat{I:\Prop}{I\ra s}} -} -\end{description} -% -% A {\em singleton definition} has always an informative content, -% even if it is a proposition. -% -A {\em singleton -definition} has only one constructor and all the arguments of this -constructor have type \Prop. In that case, there is a canonical -way to interpret the informative extraction on an object in that type, -such that the elimination on any sort $s$ is legal. Typical examples are -the conjunction of non-informative propositions and the equality. -If there is an hypothesis $h:a=b$ in the local context, it can be used for -rewriting not only in logical propositions but also in any type. -% In that case, the term \verb!eq_rec! which was defined as an axiom, is -% now a term of the calculus. -\begin{coq_eval} -Require Extraction. -\end{coq_eval} -\begin{coq_example} -Print eq_rec. -Extraction eq_rec. -\end{coq_example} -An empty definition has no constructors, in that case also, -elimination on any sort is allowed. - -\paragraph{Type of branches.} -Let $c$ be a term of type $C$, we assume $C$ is a type of constructor -for an inductive type $I$. Let $P$ be a term that represents the -property to be proved. -We assume $r$ is the number of parameters and $p$ is the number of arguments. - -We define a new type \CI{c:C}{P} which represents the type of the -branch corresponding to the $c:C$ constructor. -\[ -\begin{array}{ll} -\CI{c:(I~p_1\ldots p_r\ t_1 \ldots t_p)}{P} &\equiv (P~t_1\ldots ~t_p~c) \\[2mm] -\CI{c:\forall~x:T,C}{P} &\equiv \forall~x:T,\CI{(c~x):C}{P} -\end{array} -\] -We write \CI{c}{P} for \CI{c:C}{P} with $C$ the type of $c$. - -\paragraph{Example.} -The following term in concrete syntax: -\begin{verbatim} -match t as l return P' with -| nil _ => t1 -| cons _ hd tl => t2 -end -\end{verbatim} -can be represented in abstract syntax as $$\Case{P}{t}{f_1\,|\,f_2}$$ -where -\begin{eqnarray*} - P & = & \lambda~l~.~P^\prime\\ - f_1 & = & t_1\\ - f_2 & = & \lambda~(hd:\nat)~.~\lambda~(tl:\List~\nat)~.~t_2 -\end{eqnarray*} -According to the definition: -\begin{latexonly}\vskip.5em\noindent\end{latexonly}% -\begin{htmlonly} - -\end{htmlonly} -$ \CI{(\Nil~\nat)}{P} \equiv \CI{(\Nil~\nat) : (\List~\nat)}{P} \equiv (P~(\Nil~\nat))$ -\begin{latexonly}\vskip.5em\noindent\end{latexonly}% -\begin{htmlonly} - -\end{htmlonly} -$ \CI{(\cons~\nat)}{P} - \equiv\CI{(\cons~\nat) : (\nat\ra\List~\nat\ra\List~\nat)}{P} \equiv\\ - \equiv\forall n:\nat, \CI{(\cons~\nat~n) : \List~\nat\ra\List~\nat)}{P} \equiv\\ - \equiv\forall n:\nat, \forall l:\List~\nat, \CI{(\cons~\nat~n~l) : \List~\nat)}{P} \equiv\\ -\equiv\forall n:\nat, \forall l:\List~\nat,(P~(\cons~\nat~n~l))$. -\begin{latexonly}\vskip.5em\noindent\end{latexonly}% -\begin{htmlonly} - -\end{htmlonly} -Given some $P$, then \CI{(\Nil~\nat)}{P} represents the expected type of $f_1$, and -\CI{(\cons~\nat)}{P} represents the expected type of $f_2$. - -\paragraph{Typing rule.} - -Our very general destructor for inductive definition enjoys the -following typing rule -% , where we write -% \[ -% \Case{P}{c}{[x_{11}:T_{11}]\ldots[x_{1p_1}:T_{1p_1}]g_1\ldots -% [x_{n1}:T_{n1}]\ldots[x_{np_n}:T_{np_n}]g_n} -% \] -% for -% \[ -% \Case{P}{c}{(c_1~x_{11}~...~x_{1p_1}) \Ra g_1 ~|~\ldots~|~ -% (c_n~x_{n1}...x_{np_n}) \Ra g_n } -% \] - -\begin{description} -\item[match] \label{elimdep} \index{Typing rules!match} -\inference{ -\frac{\WTEG{c}{(I~q_1\ldots q_r~t_1\ldots t_s)}~~ - \WTEG{P}{B}~~\compat{(I~q_1\ldots q_r)}{B} - ~~ -(\WTEG{f_i}{\CI{(c_{p_i}~q_1\ldots q_r)}{P}})_{i=1\ldots l}} -{\WTEG{\Case{P}{c}{f_1|\ldots |f_l}}{(P\ t_1\ldots t_s\ c)}}}%\\[3mm] - -provided $I$ is an inductive type in a definition -\Ind{}{r}{\Gamma_I}{\Gamma_C} with -$\Gamma_C = [c_1:C_1;\ldots;c_n:C_n]$ and $c_{p_1}\ldots c_{p_l}$ are the -only constructors of $I$. -\end{description} - -\paragraph{Example.} - -Below is a typing rule for the term shown in the previous example: -\inference{ - \frac{% - \WTEG{t}{(\List~\nat)}~~~~% - \WTEG{P}{B}~~~~% - \compat{(\List~\nat)}{B}~~~~% - \WTEG{f_1}{\CI{(\Nil~\nat)}{P}}~~~~% - \WTEG{f_2}{\CI{(\cons~\nat)}{P}}% - } -{\WTEG{\Case{P}{t}{f_1|f_2}}{(P~t)}}} - -\paragraph[Definition of $\iota$-reduction.]{Definition of $\iota$-reduction.\label{iotared} -\index{iota-reduction@$\iota$-reduction}} -We still have to define the $\iota$-reduction in the general case. - -A $\iota$-redex is a term of the following form: -\[\Case{P}{(c_{p_i}~q_1\ldots q_r~a_1\ldots a_m)}{f_1|\ldots | - f_l}\] -with $c_{p_i}$ the $i$-th constructor of the inductive type $I$ with $r$ -parameters. - -The $\iota$-contraction of this term is $(f_i~a_1\ldots a_m)$ leading -to the general reduction rule: -\[ \Case{P}{(c_{p_i}~q_1\ldots q_r~a_1\ldots a_m)}{f_1|\ldots | - f_n} \triangleright_{\iota} (f_i~a_1\ldots a_m) \] - -\subsection[Fixpoint definitions]{Fixpoint definitions\label{Fix-term} \index{Fix@{\tt Fix}}} -The second operator for elimination is fixpoint definition. -This fixpoint may involve several mutually recursive definitions. -The basic concrete syntax for a recursive set of mutually recursive -declarations is (with $\Gamma_i$ contexts): -\[\kw{fix}~f_1 (\Gamma_1) :A_1:=t_1~\kw{with} \ldots \kw{with}~ f_n -(\Gamma_n) :A_n:=t_n\] -The terms are obtained by projections from this set of declarations -and are written -\[\kw{fix}~f_1 (\Gamma_1) :A_1:=t_1~\kw{with} \ldots \kw{with}~ f_n -(\Gamma_n) :A_n:=t_n~\kw{for}~f_i\] -In the inference rules, we represent such a -term by -\[\Fix{f_i}{f_1:A_1':=t_1' \ldots f_n:A_n':=t_n'}\] -with $t_i'$ (resp. $A_i'$) representing the term $t_i$ abstracted -(resp. generalized) with -respect to the bindings in the context $\Gamma_i$, namely -$t_i'=\lb \Gamma_i \mto t_i$ and $A_i'=\forall \Gamma_i, A_i$. - -\subsubsection{Typing rule} -The typing rule is the expected one for a fixpoint. - -\begin{description} -\item[Fix] \index{Typing rules!Fix} -\inference{\frac{(\WTEG{A_i}{s_i})_{i=1\ldots n}~~~~ - (\WTE{\Gamma,f_1:A_1,\ldots,f_n:A_n}{t_i}{A_i})_{i=1\ldots n}} - {\WTEG{\Fix{f_i}{f_1:A_1:=t_1 \ldots f_n:A_n:=t_n}}{A_i}}} -\end{description} -% -Any fixpoint definition cannot be accepted because non-normalizing terms -allow proofs of absurdity. -% -The basic scheme of recursion that should be allowed is the one needed for -defining primitive -recursive functionals. In that case the fixpoint enjoys a special -syntactic restriction, namely one of the arguments belongs to an -inductive type, the function starts with a case analysis and recursive -calls are done on variables coming from patterns and representing subterms. -% -For instance in the case of natural numbers, a proof of the induction -principle of type -\[\forall P:\nat\ra\Prop, (P~\nO)\ra(\forall n:\nat, (P~n)\ra(P~(\nS~n)))\ra -\forall n:\nat, (P~n)\] -can be represented by the term: -\[\begin{array}{l} -\lb P:\nat\ra\Prop\mto\lb f:(P~\nO)\mto \lb g:(\forall n:\nat, -(P~n)\ra(P~(\nS~n))) \mto\\ -\Fix{h}{h:\forall n:\nat, (P~n):=\lb n:\nat\mto \Case{P}{n}{f~|~\lb - p:\nat\mto (g~p~(h~p))}} -\end{array} -\] -% -Before accepting a fixpoint definition as being correctly typed, we -check that the definition is ``guarded''. A precise analysis of this -notion can be found in~\cite{Gim94}. -% -The first stage is to precise on which argument the fixpoint will be -decreasing. The type of this argument should be an inductive -definition. -% -For doing this, the syntax of fixpoints is extended and becomes - \[\Fix{f_i}{f_1/k_1:A_1:=t_1 \ldots f_n/k_n:A_n:=t_n}\] -where $k_i$ are positive integers. -Each $k_i$ represents the index of pararameter of $f_i$, on which $f_i$ is decreasing. -Each $A_i$ should be a type (reducible to a term) starting with at least -$k_i$ products $\forall y_1:B_1,\ldots \forall y_{k_i}:B_{k_i}, A'_i$ -and $B_{k_i}$ an is unductive type. - -Now in the definition $t_i$, if $f_j$ occurs then it should be applied -to at least $k_j$ arguments and the $k_j$-th argument should be -syntactically recognized as structurally smaller than $y_{k_i}$ - - -The definition of being structurally smaller is a bit technical. -One needs first to define the notion of -{\em recursive arguments of a constructor}\index{Recursive arguments}. -For an inductive definition \Ind{}{r}{\Gamma_I}{\Gamma_C}, -if the type of a constructor $c$ has the form -$\forall p_1:P_1,\ldots \forall p_r:P_r, -\forall x_1:T_1, \ldots \forall x_r:T_r, (I_j~p_1\ldots -p_r~t_1\ldots t_s)$, then the recursive arguments will correspond to $T_i$ in -which one of the $I_l$ occurs. - -The main rules for being structurally smaller are the following:\\ -Given a variable $y$ of type an inductive -definition in a declaration -\Ind{}{r}{\Gamma_I}{\Gamma_C} -where $\Gamma_I$ is $[I_1:A_1;\ldots;I_k:A_k]$, and $\Gamma_C$ is - $[c_1:C_1;\ldots;c_n:C_n]$. -The terms structurally smaller than $y$ are: -\begin{itemize} -\item $(t~u)$ and $\lb x:u \mto t$ when $t$ is structurally smaller than $y$. -\item \Case{P}{c}{f_1\ldots f_n} when each $f_i$ is structurally - smaller than $y$. \\ - If $c$ is $y$ or is structurally smaller than $y$, its type is an inductive - definition $I_p$ part of the inductive - declaration corresponding to $y$. - Each $f_i$ corresponds to a type of constructor $C_q \equiv - \forall p_1:P_1,\ldots,\forall p_r:P_r, \forall y_1:B_1, \ldots \forall y_k:B_k, (I~a_1\ldots a_k)$ - and can consequently be - written $\lb y_1:B'_1\mto \ldots \lb y_k:B'_k\mto g_i$. - ($B'_i$ is obtained from $B_i$ by substituting parameters variables) - the variables $y_j$ occurring - in $g_i$ corresponding to recursive arguments $B_i$ (the ones in - which one of the $I_l$ occurs) are structurally smaller than $y$. -\end{itemize} -The following definitions are correct, we enter them using the -{\tt Fixpoint} command as described in Section~\ref{Fixpoint} and show -the internal representation. -\begin{coq_example} -Fixpoint plus (n m:nat) {struct n} : nat := - match n with - | O => m - | S p => S (plus p m) - end. -Print plus. -Fixpoint lgth (A:Set) (l:list A) {struct l} : nat := - match l with - | nil _ => O - | cons _ a l' => S (lgth A l') - end. -Print lgth. -Fixpoint sizet (t:tree) : nat := let (f) := t in S (sizef f) - with sizef (f:forest) : nat := - match f with - | emptyf => O - | consf t f => plus (sizet t) (sizef f) - end. -Print sizet. -\end{coq_example} - - -\subsubsection[Reduction rule]{Reduction rule\index{iota-reduction@$\iota$-reduction}} -Let $F$ be the set of declarations: $f_1/k_1:A_1:=t_1 \ldots -f_n/k_n:A_n:=t_n$. -The reduction for fixpoints is: -\[ (\Fix{f_i}{F}~a_1\ldots -a_{k_i}) \triangleright_{\iota} \substs{t_i}{f_k}{\Fix{f_k}{F}}{k=1\ldots n} -~a_1\ldots a_{k_i}\] -when $a_{k_i}$ starts with a constructor. -This last restriction is needed in order to keep strong normalization -and corresponds to the reduction for primitive recursive operators. -% -The following reductions are now possible: -\def\plus{\mathsf{plus}} -\def\tri{\triangleright_\iota} -\begin{eqnarray*} - \plus~(\nS~(\nS~\nO))~(\nS~\nO) & \tri & \nS~(\plus~(\nS~\nO)~(\nS~\nO))\\ - & \tri & \nS~(\nS~(\plus~\nO~(\nS~\nO)))\\ - & \tri & \nS~(\nS~(\nS~\nO))\\ -\end{eqnarray*} - -% La disparition de Program devrait rendre la construction Match obsolete -% \subsubsection{The {\tt Match \ldots with \ldots end} expression} -% \label{Matchexpr} -% %\paragraph{A unary {\tt Match\ldots with \ldots end}.} -% \index{Match...with...end@{\tt Match \ldots with \ldots end}} -% The {\tt Match} operator which was a primitive notion in older -% presentations of the Calculus of Inductive Constructions is now just a -% macro definition which generates the good combination of {\tt Case} -% and {\tt Fix} operators in order to generate an operator for primitive -% recursive definitions. It always considers an inductive definition as -% a single inductive definition. - -% The following examples illustrates this feature. -% \begin{coq_example} -% Definition nat_pr : (C:Set)C->(nat->C->C)->nat->C -% :=[C,x,g,n]Match n with x g end. -% Print nat_pr. -% \end{coq_example} -% \begin{coq_example} -% Definition forest_pr -% : (C:Set)C->(tree->forest->C->C)->forest->C -% := [C,x,g,n]Match n with x g end. -% \end{coq_example} - -% Cet exemple faisait error (HH le 12/12/96), j'ai change pour une -% version plus simple -%\begin{coq_example} -%Definition forest_pr -% : (P:forest->Set)(P emptyf)->((t:tree)(f:forest)(P f)->(P (consf t f))) -% ->(f:forest)(P f) -% := [C,x,g,n]Match n with x g end. -%\end{coq_example} - -\subsubsection{Mutual induction} - -The principles of mutual induction can be automatically generated -using the {\tt Scheme} command described in Section~\ref{Scheme}. - -\section{Admissible rules for global environments} - -From the original rules of the type system, one can show the -admissibility of rules which change the local context of definition of -objects in the global environment. We show here the admissible rules -that are used used in the discharge mechanism at the end of a section. - -% This is obsolete: Abstraction over defined constants actually uses a -% let-in since there are let-ins in Coq - -%% \paragraph{Mechanism of substitution.} - -%% One rule which can be proved valid, is to replace a term $c$ by its -%% value in the global environment. As we defined the substitution of a term for -%% a variable in a term, one can define the substitution of a term for a -%% constant. One easily extends this substitution to local contexts and global -%% environments. - -%% \paragraph{Substitution Property:} -%% \inference{\frac{\WF{E;c:=t:T; E'}{\Gamma}} -%% {\WF{E; \subst{E'}{c}{t}}{\subst{\Gamma}{c}{t}}}} - -\paragraph{Abstraction.} - -One can modify a global declaration by generalizing it over a -previously assumed constant $c$. For doing that, we need to modify the -reference to the global declaration in the subsequent global -environment and local context by explicitly applying this constant to -the constant $c'$. - -Below, if $\Gamma$ is a context of the form -$[y_1:A_1;\ldots;y_n:A_n]$, we write $\forall -x:U,\subst{\Gamma}{c}{x}$ to mean -$[y_1:\forall~x:U,\subst{A_1}{c}{x};\ldots;y_n:\forall~x:U,\subst{A_n}{c}{x}]$ -and -$\subst{E}{|\Gamma|}{|\Gamma|c}$. -to mean the parallel substitution -$\subst{\subst{E}{y_1}{(y_1~c)}\ldots}{y_n}{(y_n~c)}$. - -\paragraph{First abstracting property:} - \inference{\frac{\WF{E;c:U;E';c':=t:T;E''}{\Gamma}} - {\WF{E;c:U;E';c':=\lb x:U\mto \subst{t}{c}{x}:\forall~x:U,\subst{T}{c}{x}; - \subst{E''}{c'}{(c'~c)}}{\subst{\Gamma}{c}{(c~c')}}}} - - \inference{\frac{\WF{E;c:U;E';c':T;E''}{\Gamma}} - {\WF{E;c:U;E';c':\forall~x:U,\subst{T}{c}{x}; - \subst{E''}{c'}{(c'~c)}}{\subst{\Gamma}{c}{(c~c')}}}} - - \inference{\frac{\WF{E;c:U;E';\Ind{}{p}{\Gamma_I}{\Gamma_C};E''}{\Gamma}} - {\WFTWOLINES{E;c:U;E';\Ind{}{p+1}{\forall x:U,\subst{\Gamma_I}{c}{x}}{\forall x:U,\subst{\Gamma_C}{c}{x}};\subst{E''}{|\Gamma_I,\Gamma_C|}{|\Gamma_I,\Gamma_C|~c}}{\subst{\Gamma}{|\Gamma_I,\Gamma_C|}{|\Gamma_I,\Gamma_C|~c}}}} -% -One can similarly modify a global declaration by generalizing it over -a previously defined constant~$c'$. Below, if $\Gamma$ is a context -of the form $[y_1:A_1;\ldots;y_n:A_n]$, we write $ -\subst{\Gamma}{c}{u}$ to mean -$[y_1:\subst{A_1}{c}{u};\ldots;y_n:\subst{A_n}{c}{u}]$. - -\paragraph{Second abstracting property:} - \inference{\frac{\WF{E;c:=u:U;E';c':=t:T;E''}{\Gamma}} - {\WF{E;c:=u:U;E';c':=(\letin{x}{u:U}{\subst{t}{c}{x}}):\subst{T}{c}{u};E''}{\Gamma}}} - - \inference{\frac{\WF{E;c:=u:U;E';c':T;E''}{\Gamma}} - {\WF{E;c:=u:U;E';c':\subst{T}{c}{u};E''}{\Gamma}}} - - \inference{\frac{\WF{E;c:=u:U;E';\Ind{}{p}{\Gamma_I}{\Gamma_C};E''}{\Gamma}} - {\WF{E;c:=u:U;E';\Ind{}{p}{\subst{\Gamma_I}{c}{u}}{\subst{\Gamma_C}{c}{u}};E''}{\Gamma}}} - -\paragraph{Pruning the local context.} -If one abstracts or substitutes constants with the above rules then it -may happen that some declared or defined constant does not occur any -more in the subsequent global environment and in the local context. One can -consequently derive the following property. - -\paragraph{First pruning property:} -\inference{\frac{\WF{E;c:U;E'}{\Gamma} \qquad c \mbox{ does not occur in $E'$ and $\Gamma$}} - {\WF{E;E'}{\Gamma}}} - -\paragraph{Second pruning property:} -\inference{\frac{\WF{E;c:=u:U;E'}{\Gamma} \qquad c \mbox{ does not occur in $E'$ and $\Gamma$}} - {\WF{E;E'}{\Gamma}}} - -\section{Co-inductive types} -The implementation contains also co-inductive definitions, which are -types inhabited by infinite objects. -More information on co-inductive definitions can be found -in~\cite{Gimenez95b,Gim98,GimCas05}. -%They are described in Chapter~\ref{Co-inductives}. - -\section[The Calculus of Inductive Construction with - impredicative \Set]{The Calculus of Inductive Construction with - impredicative \Set\label{impredicativity}} - -\Coq{} can be used as a type-checker for the -Calculus of Inductive Constructions with an impredicative sort \Set{} -by using the compiler option \texttt{-impredicative-set}. -% -For example, using the ordinary \texttt{coqtop} command, the following -is rejected. -% (** This example should fail ******************************* -% Error: The term forall X:Set, X -> X has type Type -% while it is expected to have type Set ***) -\begin{coq_example} -Fail Definition id: Set := forall X:Set,X->X. -\end{coq_example} -while it will type-check, if one uses instead the \texttt{coqtop - -impredicative-set} command. - -The major change in the theory concerns the rule for product formation -in the sort \Set, which is extended to a domain in any sort: -\begin{description} -\item [Prod] \index{Typing rules!Prod (impredicative Set)} -\inference{\frac{\WTEG{T}{s}~~~~s \in \Sort~~~~~~ - \WTE{\Gamma::(x:T)}{U}{\Set}} - { \WTEG{\forall~x:T,U}{\Set}}} -\end{description} -This extension has consequences on the inductive definitions which are -allowed. -In the impredicative system, one can build so-called {\em large inductive - definitions} like the example of second-order existential -quantifier (\texttt{exSet}). - -There should be restrictions on the eliminations which can be -performed on such definitions. The eliminations rules in the -impredicative system for sort \Set{} become: -\begin{description} -\item[\Set] \inference{\frac{s \in - \{\Prop, \Set\}}{\compat{I:\Set}{I\ra s}} -~~~~\frac{I \mbox{~is a small inductive definition}~~~~s \in - \{\Type(i)\}} - {\compat{I:\Set}{I\ra s}}} -\end{description} - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: - - diff --git a/doc/refman/RefMan-com.tex b/doc/refman/RefMan-com.tex deleted file mode 100644 index 04a8a25c12..0000000000 --- a/doc/refman/RefMan-com.tex +++ /dev/null @@ -1,388 +0,0 @@ -\chapter[The \Coq~commands]{The \Coq~commands\label{Addoc-coqc} -\ttindex{coqtop} -\ttindex{coqc} -\ttindex{coqchk}} -%HEVEA\cutname{commands.html} - -There are three \Coq~commands: -\begin{itemize} -\item {\tt coqtop}: the \Coq\ toplevel (interactive mode); -\item {\tt coqc}: the \Coq\ compiler (batch compilation); -\item {\tt coqchk}: the \Coq\ checker (validation of compiled libraries). -\end{itemize} -The options are (basically) the same for the first two commands, and -roughly described below. You can also look at the \verb!man! pages of -\verb!coqtop! and \verb!coqc! for more details. - - -\section{Interactive use ({\tt coqtop})} - -In the interactive mode, also known as the \Coq~toplevel, the user can -develop his theories and proofs step by step. The \Coq~toplevel is -run by the command {\tt coqtop}. - -\index{byte-code} -\index{native code} -\label{binary-images} -They are two different binary images of \Coq: the byte-code one and -the native-code one (if {\ocaml} provides a native-code compiler -for your platform, which is supposed in the following). By default, -\verb!coqtop! executes the native-code version; run \verb!coqtop.byte! to -get the byte-code version. - -The byte-code toplevel is based on an {\ocaml} -toplevel (to allow the dynamic link of tactics). You can switch to -the {\ocaml} toplevel with the command \verb!Drop.!, and come back to the -\Coq~toplevel with the command \verb!Coqloop.loop();;!. - -\section{Batch compilation ({\tt coqc})} -The {\tt coqc} command takes a name {\em file} as argument. Then it -looks for a vernacular file named {\em file}{\tt .v}, and tries to -compile it into a {\em file}{\tt .vo} file (See ~\ref{compiled}). - -\Warning The name {\em file} should be a regular {\Coq} identifier, as -defined in Section~\ref{lexical}. It should contain only letters, digits -or underscores (\_). For instance, \verb+/bar/foo/toto.v+ is valid, but -\verb+/bar/foo/to-to.v+ is invalid. - -\section[Customization]{Customization at launch time} - -\subsection{By resource file\index{Resource file}} - -When \Coq\ is launched, with either {\tt coqtop} or {\tt coqc}, the -resource file \verb:$XDG_CONFIG_HOME/coq/coqrc.xxx: is loaded, where -\verb:$XDG_CONFIG_HOME: is the configuration directory of the user (by -default its home directory \verb!/.config! and \verb:xxx: is the version -number (e.g. 8.3). If this file is not found, then the file -\verb:$XDG_CONFIG_HOME/coqrc: is searched. You can also specify an -arbitrary name for the resource file (see option \verb:-init-file: -below). - - -This file may contain, for instance, \verb:Add LoadPath: commands to add -directories to the load path of \Coq. -It is possible to skip the loading of the resource file with the -option \verb:-q:. - -\subsection{By environment variables\label{EnvVariables} -\index{Environment variables}\label{envars}} - -Load path can be specified to the \Coq\ system by setting up -\verb:$COQPATH: environment variable. It is a list of directories -separated by \verb|:| (\verb|;| on windows). {\Coq} will also honor -\verb:$XDG_DATA_HOME: and \verb:$XDG_DATA_DIRS: (see Section -\ref{loadpath}). - -Some {\Coq} commands call other {\Coq} commands. In this case, they -look for the commands in directory specified by \verb:$COQBIN:. If -this variable is not set, they look for the commands in the executable -path. - -The \verb:$COQ_COLORS: environment variable can be used to specify the set of -colors used by {\tt coqtop} to highlight its output. It uses the same syntax as -the \verb:$LS_COLORS: variable from GNU's {\tt ls}, that is, a colon-separated -list of assignments of the form \verb:name=attr1;...;attrn: where {\tt name} is -the name of the corresponding highlight tag and {\tt attri} is an ANSI escape -code. The list of highlight tags can be retrieved with the {\tt -list-tags} -command-line option of {\tt coqtop}. - -\subsection{By command line options\index{Options of the command line} -\label{coqoptions}} - -The following command-line options are recognized by the commands {\tt - coqc} and {\tt coqtop}, unless stated otherwise: - -\begin{description} -\item[{\tt -I} {\em directory}, {\tt -include} {\em directory}]\ % - - Add physical path {\em directory} to the {\ocaml} loadpath. - - \SeeAlso Section~\ref{Libraries} and the command {\tt Declare ML Module} Section \ref{compiled}. - -\item[{\tt -Q} {\em directory} {\dirpath}]\ % - - Add physical path \emph{directory} to the list of directories where - {\Coq} looks for a file and bind it to the the logical directory - \emph{dirpath}. The subdirectory structure of \emph{directory} is - recursively available from {\Coq} using absolute names (extending - the {\dirpath} prefix) (see Section~\ref{LongNames}). - - Note that only those subdirectories and files which obey the lexical - conventions of what is an {\ident} (see Section~\ref{lexical}) - are taken into account. Conversely, the underlying file systems or - operating systems may be more restrictive than {\Coq}. While Linux's - ext4 file system supports any {\Coq} recursive layout - (within the limit of 255 bytes per file name), the default on NTFS - (Windows) or HFS+ (MacOS X) file systems is on the contrary to - disallow two files differing only in the case in the same directory. - - \SeeAlso Section~\ref{Libraries}. - -\item[{\tt -R} {\em directory} {\dirpath}]\ % - - Do as \texttt{-Q} \emph{directory} {\dirpath} but make the - subdirectory structure of \emph{directory} recursively visible so - that the recursive contents of physical \emph{directory} is available - from {\Coq} using short or partially qualified names. - - \SeeAlso Section~\ref{Libraries}. - -\item[{\tt -top} {\dirpath}]\ % - - Set the toplevel module name to {\dirpath} instead of {\tt Top}. Not - valid for {\tt coqc} as the toplevel module name is inferred from the - name of the output file. - -\item[{\tt -exclude-dir} {\em directory}]\ % - - Exclude any subdirectory named {\em directory} while - processing options such as {\tt -R} and {\tt -Q}. By default, only the - conventional version control management directories named {\tt CVS} and - {\tt \_darcs} are excluded. - -\item[{\tt -nois}]\ % - - Start from an empty state instead of loading the {\tt Init.Prelude} - module. - -\item[{\tt -init-file} {\em file}]\ % - - Load {\em file} as the resource file instead of loading the default - resource file from the standard configuration directories. - -\item[{\tt -q}]\ % - - Do not to load the default resource file. - -\item[{\tt -load-ml-source} {\em file}]\ % - - Load the {\ocaml} source file {\em file}. - -\item[{\tt -load-ml-object} {\em file}]\ % - - Load the {\ocaml} object file {\em file}. - -\item[{\tt -l} {\em file}, {\tt -load-vernac-source} {\em file}]\ % - - Load and execute the {\Coq} script from {\em file.v}. - -\item[{\tt -lv} {\em file}, {\tt -load-vernac-source-verbose} {\em - file}]\ % - - Load and execute the {\Coq} script from {\em file.v}. - Output its content on the standard input as it is executed. - -\item[{\tt -load-vernac-object} {\dirpath}]\ % - - Load \Coq~compiled library {\dirpath}. This is equivalent to running - {\tt Require} {\dirpath}. - -\item[{\tt -require} {\dirpath}]\ % - - Load \Coq~compiled library {\dirpath} and import it. This is equivalent - to running {\tt Require Import} {\dirpath}. - -\item[{\tt -batch}]\ % - - Exit just after argument parsing. Available for {\tt coqtop} only. - -\item[{\tt -compile} {\em file.v}]\ % - - Compile file {\em file.v} into {\em file.vo}. This options imply {\tt - -batch} (exit just after argument parsing). It is available only - for {\tt coqtop}, as this behavior is the purpose of {\tt coqc}. - -\item[{\tt -compile-verbose} {\em file.v}]\ % - - Same as {\tt -compile} but also output the content of {\em file.v} as - it is compiled. - -\item[{\tt -verbose}]\ % - - Output the content of the input file as it is compiled. This option is - available for {\tt coqc} only; it is the counterpart of {\tt - -compile-verbose}. - - \item[{\tt -w} (all|none|w$_1$,\ldots,w$_n$)]\ % - - Configure the display of warnings. This option expects {\tt all}, {\tt none} - or a comma-separated list of warning names or categories (see - Section~\ref{SetWarnings}). - -%Mostly unused in the code -%\item[{\tt -debug}]\ % -% -% Switch on the debug flag. - -\item[{\tt -color} (on|off|auto)]\ % - - Enable or not the coloring of output of {\tt coqtop}. Default is auto, - meaning that {\tt coqtop} dynamically decides, depending on whether the - output channel supports ANSI escape sequences. - -\item[{\tt -beautify}]\ % - - Pretty-print each command to {\em file.beautified} when compiling {\em - file.v}, in order to get old-fashioned syntax/definitions/notations. - -\item[{\tt -emacs}, {\tt -ide-slave}]\ % - - Start a special toplevel to communicate with a specific IDE. - -\item[{\tt -impredicative-set}]\ % - - Change the logical theory of {\Coq} by declaring the sort {\tt Set} - impredicative. Warning: this is known to be inconsistent with - some standard axioms of classical mathematics such as the functional - axiom of choice or the principle of description. - -\item[{\tt -type-in-type}]\ % - - Collapse the universe hierarchy of {\Coq}. Warning: this makes the - logic inconsistent. - -\item[{\tt -compat} {\em version}]\ % - - Attempt to maintain some backward-compatibility with a previous version. - -\item[{\tt -dump-glob} {\em file}]\ % - - Dump references for global names in file {\em file} (to be used - by {\tt coqdoc}, see~\ref{coqdoc}). By default, if {\em file.v} is being - compiled, {\em file.glob} is used. - -\item[{\tt -no-glob}]\ % - - Disable the dumping of references for global names. - -%\item[{\tt -no-hash-consing}]\ % - -\item[{\tt -image} {\em file}]\ % - - Set the binary image to be used by {\tt coqc} to be {\em file} - instead of the standard one. Not of general use. - -\item[{\tt -bindir} {\em directory}]\ % - - Set the directory containing {\Coq} binaries to be used by {\tt coqc}. - It is equivalent to doing \texttt{export COQBIN=}{\em directory} before - launching {\tt coqc}. - -\item[{\tt -where}]\ % - - Print the location of \Coq's standard library and exit. - -\item[{\tt -config}]\ % - - Print the locations of \Coq's binaries, dependencies, and libraries, then exit. - -\item[{\tt -filteropts}]\ % - - Print the list of command line arguments that {\tt coqtop} has - recognized as options and exit. - -\item[{\tt -v}]\ % - - Print \Coq's version and exit. - -\item[{\tt -list-tags}]\ % - - Print the highlight tags known by {\Coq} as well as their currently associated - color and exit. - -\item[{\tt -h}, {\tt --help}]\ % - - Print a short usage and exit. - -\end{description} - - -\section{Compiled libraries checker ({\tt coqchk})} - -The {\tt coqchk} command takes a list of library paths as argument, described -either by their logical name or by their physical filename, which must end in -{\tt .vo}. The corresponding compiled libraries (.vo files) are searched in the -path, recursively processing the libraries they depend on. The content -of all these libraries is then type-checked. The effect of {\tt - coqchk} is only to return with normal exit code in case of success, -and with positive exit code if an error has been found. Error messages -are not deemed to help the user understand what is wrong. In the -current version, it does not modify the compiled libraries to mark -them as successfully checked. - -Note that non-logical information is not checked. By logical -information, we mean the type and optional body associated to names. -It excludes for instance anything related to the concrete syntax of -objects (customized syntax rules, association between short and long -names), implicit arguments, etc. - -This tool can be used for several purposes. One is to check that a -compiled library provided by a third-party has not been forged and -that loading it cannot introduce inconsistencies.\footnote{Ill-formed - non-logical information might for instance bind {\tt - Coq.Init.Logic.True} to short name {\tt False}, so apparently {\tt - False} is inhabited, but using fully qualified names, {\tt - Coq.Init.Logic.False} will always refer to the absurd proposition, - what we guarantee is that there is no proof of this latter - constant.} -Another point is to get an even higher level of security. Since {\tt - coqtop} can be extended with custom tactics, possibly ill-typed -code, it cannot be guaranteed that the produced compiled libraries are -correct. {\tt coqchk} is a standalone verifier, and thus it cannot be -tainted by such malicious code. - -Command-line options {\tt -Q}, {\tt -R}, {\tt -where} and -{\tt -impredicative-set} are supported by {\tt coqchk} and have the -same meaning as for {\tt coqtop}. As there is no notion of relative paths in -object files {\tt -Q} and {\tt -R} have exactly the same meaning. - -Extra options are: -\begin{description} -\item[{\tt -norec} {\em module}]\ % - - Check {\em module} but do not check its dependencies. - -\item[{\tt -admit} {\em module}]\ % - - Do not check {\em module} and any of its dependencies, unless - explicitly required. - -\item[{\tt -o}]\ % - - At exit, print a summary about the context. List the names of all - assumptions and variables (constants without body). - -\item[{\tt -silent}]\ % - - Do not write progress information in standard output. -\end{description} - -Environment variable \verb:$COQLIB: can be set to override the -location of the standard library. - -The algorithm for deciding which modules are checked or admitted is -the following: assuming that {\tt coqchk} is called with argument $M$, -option {\tt -norec} $N$, and {\tt -admit} $A$. Let us write -$\overline{S}$ the set of reflexive transitive dependencies of set -$S$. Then: -\begin{itemize} -\item Modules $C=\overline{M}\backslash\overline{A}\cup M\cup N$ are - loaded and type-checked before being added to the context. -\item And $\overline{M}\cup\overline{N}\backslash C$ is the set of - modules that are loaded and added to the context without - type-checking. Basic integrity checks (checksums) are nonetheless - performed. -\end{itemize} - -As a rule of thumb, the {\tt -admit} can be used to tell that some -libraries have already been checked. So {\tt coqchk A B} can be split -in {\tt coqchk A \&\& coqchk B -admit A} without type-checking any -definition twice. Of course, the latter is slightly slower since it -makes more disk access. It is also less secure since an attacker might -have replaced the compiled library $A$ after it has been read by the -first command, but before it has been read by the second command. - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/RefMan-ext.tex b/doc/refman/RefMan-ext.tex deleted file mode 100644 index a1950d136e..0000000000 --- a/doc/refman/RefMan-ext.tex +++ /dev/null @@ -1,2152 +0,0 @@ -\chapter[Extensions of \Gallina{}]{Extensions of \Gallina{}\label{Gallina-extension}\index{Gallina}} -%HEVEA\cutname{gallina-ext.html} - -{\gallina} is the kernel language of {\Coq}. We describe here extensions of -the Gallina's syntax. - -\section{Record types -\comindex{Record} -\comindex{Inductive} -\comindex{CoInductive} -\label{Record}} - -The \verb+Record+ construction is a macro allowing the definition of -records as is done in many programming languages. Its syntax is -described on Figure~\ref{record-syntax}. In fact, the \verb+Record+ -macro is more general than the usual record types, since it allows -also for ``manifest'' expressions. In this sense, the \verb+Record+ -construction allows defining ``signatures''. - -\begin{figure}[h] -\begin{centerframe} -\begin{tabular}{lcl} -{\sentence} & ++= & {\record}\\ - & & \\ -{\record} & ::= & - {\recordkw} {\ident} \zeroone{\binders} \zeroone{{\tt :} {\sort}} \verb.:=. \\ -&& ~~~~\zeroone{\ident} - \verb!{! \zeroone{\nelist{\field}{;}} \verb!}! \verb:.:\\ - & & \\ -{\recordkw} & ::= & - {\tt Record} $|$ {\tt Inductive} $|$ {\tt CoInductive}\\ - & & \\ -{\field} & ::= & {\name} \zeroone{\binders} : {\type} \zeroone{{\tt where} {\it notation}} \\ - & $|$ & {\name} \zeroone{\binders} {\typecstrtype} := {\term}\\ -\end{tabular} -\end{centerframe} -\caption{Syntax for the definition of {\tt Record}} -\label{record-syntax} -\end{figure} - -\noindent In the expression -\begin{quote} -{\tt Record {\ident} {\params} : {\sort} := {\ident$_0$} \{ \\ - {\ident$_1$} \binders$_1$ : {\term$_1$} ; ... ; \\ - {\ident$_n$} \binders$_n$ : {\term$_n$} \}.} -\end{quote} -\noindent the identifier {\ident} is the name of the defined record -and {\sort} is its type. The identifier {\ident$_0$} is the name of -its constructor. If {\ident$_0$} is omitted, the default name {\tt -Build\_{\ident}} is used. -If {\sort} is omitted, the default sort is {\Type}. -The identifiers {\ident$_1$}, \dots, {\ident$_n$} are the names of -fields and {\tt forall {\binders$_1$}, {\term$_1$}}, \dots, -{\tt forall {\binders$_n$}, {\term$_n$}} -their respective types. Remark that the type of {\ident$_i$} may -depend on the previous {\ident$_j$} (for $j<i$). Thus the order of the -fields is important. Finally, {\params} are the parameters of the -record. - -More generally, a record may have explicitly defined (a.k.a. -manifest) fields. For instance, {\tt Record} {\ident} {\tt [} -{\params} {\tt ]} \texttt{:} {\sort} := \verb+{+ {\ident$_1$} -\texttt{:} {\type$_1$} \verb+;+ {\ident$_2$} \texttt{:=} {\term$_2$} -\verb+;+ {\ident$_3$} \texttt{:} {\type$_3$} \verb+}+ in which case -the correctness of {\type$_3$} may rely on the instance {\term$_2$} of -{\ident$_2$} and {\term$_2$} in turn may depend on {\ident$_1$}. - - -\Example -The set of rational numbers may be defined as: -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example} -Record Rat : Set := mkRat - {sign : bool; - top : nat; - bottom : nat; - Rat_bottom_cond : 0 <> bottom; - Rat_irred_cond : - forall x y z:nat, (x * y) = top /\ (x * z) = bottom -> x = 1}. -\end{coq_example} - -Remark here that the field \verb+Rat_bottom_cond+ depends -on the field \verb+bottom+ and \verb+Rat_irred_cond+ depends -on both \verb+top+ and \verb+bottom+. - -Let us now see the work done by the {\tt Record} macro. First the -macro generates a variant type definition with just one constructor: -\begin{quote} -{\tt Variant {\ident} {\params} : {\sort} := \\ - {\ident$_0$} ({\ident$_1$} : {\term$_1$}) ... ({\ident$_n$} : {\term$_n$}).} -\end{quote} -To build an object of type {\ident}, one should provide the -constructor {\ident$_0$} with $n$ terms filling the fields of -the record. - -As an example, let us define the rational $1/2$: -\begin{coq_example*} -Theorem one_two_irred : - forall x y z:nat, x * y = 1 /\ x * z = 2 -> x = 1. -Admitted. -\end{coq_example*} -\begin{coq_example} -Definition half := mkRat true 1 2 (O_S 1) one_two_irred. -\end{coq_example} -\begin{coq_example} -Check half. -\end{coq_example} - -\begin{figure}[t] -\begin{centerframe} -\begin{tabular}{lcl} -{\term} & ++= & - \verb!{|! \zeroone{\nelist{\fielddef}{;}} \verb!|}! \\ - & & \\ -{\fielddef} & ::= & {\name} \zeroone{\binders} := {\term} \\ -\end{tabular} -\end{centerframe} -\caption{Syntax for constructing elements of a \texttt{Record} using named fields} -\label{fig:fieldsyntax} -\end{figure} - -Alternatively, the following syntax allows creating objects by using named fields, as -shown on Figure~\ref{fig:fieldsyntax}. The -fields do not have to be in any particular order, nor do they have to be all -present if the missing ones can be inferred or prompted for (see -Section~\ref{Program}). - -\begin{coq_example} -Definition half' := - {| sign := true; - Rat_bottom_cond := O_S 1; - Rat_irred_cond := one_two_irred |}. -\end{coq_example} - -This syntax can be disabled globally for printing by -\begin{quote} -{\tt Unset Printing Records.} -\optindex{Printing Records} -\end{quote} -For a given type, one can override this using either -\begin{quote} -{\tt Add Printing Record {\ident}.} -\end{quote} -to get record syntax or -\begin{quote} -{\tt Add Printing Constructor {\ident}.} -\end{quote} -to get constructor syntax. - -This syntax can also be used for pattern matching. - -\begin{coq_example} -Eval compute in ( - match half with - | {| sign := true; top := n |} => n - | _ => 0 - end). -\end{coq_example} - -The macro generates also, when it is possible, the projection -functions for destructuring an object of type {\ident}. These -projection functions are given the names of the corresponding -fields. If a field is named ``\verb=_='' then no projection is built -for it. In our example: - -\begin{coq_example} -Eval compute in top half. -Eval compute in bottom half. -Eval compute in Rat_bottom_cond half. -\end{coq_example} - -An alternative syntax for projections based on a dot notation is -available: - -\begin{coq_example} -Eval compute in half.(top). -\end{coq_example} - -It can be activated for printing with the command -\optindex{Printing Projections} -\begin{quote} -{\tt Set Printing Projections.} -\end{quote} - -\begin{coq_example} -Set Printing Projections. -Check top half. -\end{coq_example} - -The corresponding grammar rules are given in Figure~\ref{fig:projsyntax}. -When {\qualid} denotes a projection, the syntax {\tt - {\term}.({\qualid})} is equivalent to {\qualid~\term}, the syntax -{\term}{\tt .(}{\qualid}~{\termarg}$_1$ {\ldots} {\termarg}$_n${\tt )} to -{\qualid~{\termarg}$_1$ {\ldots} {\termarg}$_n$~\term}, and the syntax -{\term}{\tt .(@}{\qualid}~{\term}$_1$~\ldots~{\term}$_n${\tt )} to -{@\qualid~{\term}$_1$ {\ldots} {\term}$_n$~\term}. In each case, {\term} -is the object projected and the other arguments are the parameters of -the inductive type. - -\begin{figure}[t] -\begin{centerframe} -\begin{tabular}{lcl} -{\term} & ++= & {\term} {\tt .(} {\qualid} {\tt )}\\ - & $|$ & {\term} {\tt .(} {\qualid} \nelist{\termarg}{} {\tt )}\\ - & $|$ & {\term} {\tt .(} {@}{\qualid} \nelist{\term}{} {\tt )} -\end{tabular} -\end{centerframe} -\caption{Syntax for \texttt{Record} projections} -\label{fig:projsyntax} -\end{figure} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\begin{Remarks} - -\item Records defined with the {\tt Record} keyword are not allowed to be -recursive (references to the record's name in the type of its field -raises an error). To define recursive records, one can use the {\tt -Inductive} and {\tt CoInductive} keywords, resulting in an inductive -or co-inductive record. -A \emph{caveat}, however, is that records -cannot appear in mutually inductive (or co-inductive) definitions. - -\item Induction schemes are automatically generated for inductive records. -Automatic generation of induction schemes for non-recursive records -defined with the {\tt Record} keyword can be activated with the -{\tt Nonrecursive Elimination Schemes} option -(see~\ref{set-nonrecursive-elimination-schemes}). - -\item {\tt Structure} is a synonym of the keyword {\tt Record}. - -\end{Remarks} - -\begin{Warnings} -\item {\tt {\ident$_i$} cannot be defined.} - - It can happen that the definition of a projection is impossible. - This message is followed by an explanation of this impossibility. - There may be three reasons: - \begin{enumerate} - \item The name {\ident$_i$} already exists in the environment (see - Section~\ref{Axiom}). - \item The body of {\ident$_i$} uses an incorrect elimination for - {\ident} (see Sections~\ref{Fixpoint} and~\ref{Caseexpr}). - \item The type of the projections {\ident$_i$} depends on previous - projections which themselves could not be defined. - \end{enumerate} -\end{Warnings} - -\begin{ErrMsgs} - -\item \errindex{Records declared with the keyword Record or Structure cannot be recursive.} - - The record name {\ident} appears in the type of its fields, but uses - the keyword {\tt Record}. Use the keyword {\tt Inductive} or {\tt - CoInductive} instead. -\item \errindex{Cannot handle mutually (co)inductive records.} - - Records cannot be defined as part of mutually inductive (or - co-inductive) definitions, whether with records only or mixed with - standard definitions. -\item During the definition of the one-constructor inductive - definition, all the errors of inductive definitions, as described in - Section~\ref{gal-Inductive-Definitions}, may also occur. - -\end{ErrMsgs} - -\SeeAlso Coercions and records in Section~\ref{Coercions-and-records} -of the chapter devoted to coercions. - -\subsection{Primitive Projections} -\optindex{Primitive Projections} -\optindex{Printing Primitive Projection Parameters} -\optindex{Printing Primitive Projection Compatibility} -\index{Primitive projections} -\label{prim-proj} - -The option {\tt Set Primitive Projections} turns on the use of primitive -projections when defining subsequent records (even through the {\tt - Inductive} and {\tt CoInductive} commands). Primitive projections -extended the Calculus of Inductive Constructions with a new binary term -constructor {\tt r.(p)} representing a primitive projection p applied to -a record object {\tt r} (i.e., primitive projections are always -applied). Even if the record type has parameters, these do not appear at -applications of the projection, considerably reducing the sizes of terms -when manipulating parameterized records and typechecking time. On the -user level, primitive projections can be used as a replacement for the -usual defined ones, although there are a few notable differences. - -The internally omitted parameters can be reconstructed at printing time -even though they are absent in the actual AST manipulated by the kernel. This -can be obtained by setting the {\tt Printing Primitive Projection Parameters} -flag. Another compatibility printing can be activated thanks to the -{\tt Printing Primitive Projection Compatibility} option which governs the -printing of pattern-matching over primitive records. - -\subsubsection{Primitive Record Types} -When the {\tt Set Primitive Projections} option is on, definitions of -record types change meaning. When a type is declared with primitive -projections, its {\tt match} construct is disabled (see -\ref{primproj:compat} though). To eliminate the (co-)inductive type, one -must use its defined primitive projections. - -There are currently two ways to introduce primitive records types: -\begin{itemize} -\item Through the {\tt Record} command, in which case the type has to be - non-recursive. The defined type enjoys eta-conversion definitionally, - that is the generalized form of surjective pairing for records: - {\tt $r$ = Build\_R ($r$.($p_1$) .. $r$.($p_n$))}. Eta-conversion allows to define - dependent elimination for these types as well. -\item Through the {\tt Inductive} and {\tt CoInductive} commands, when - the body of the definition is a record declaration of the form {\tt - Build\_R \{ $p_1$ : $t_1$; .. ; $p_n$ : $t_n$ \}}. In this case the types can be - recursive and eta-conversion is disallowed. These kind of record types - differ from their traditional versions in the sense that dependent - elimination is not available for them and only non-dependent case analysis - can be defined. -\end{itemize} - -\subsubsection{Reduction} - -The basic reduction rule of a primitive projection is {\tt $p_i$ - (Build\_R $t_1$ .. $t_n$) $\rightarrow_{\iota}$ $t_i$}. However, to take the $\delta$ flag into -account, projections can be in two states: folded or unfolded. An -unfolded primitive projection application obeys the rule above, while -the folded version delta-reduces to the unfolded version. This allows to -precisely mimic the usual unfolding rules of constants. Projections -obey the usual {\tt simpl} flags of the {\tt Arguments} command in particular. - -There is currently no way to input unfolded primitive projections at the -user-level, and one must use the {\tt Printing Primitive Projection - Compatibility} to display unfolded primitive projections as matches -and distinguish them from folded ones. - -\subsubsection{Compatibility Projections and {\tt match}} -\label{primproj:compat} -To ease compatibility with ordinary record types, each primitive -projection is also defined as a ordinary constant taking parameters and -an object of the record type as arguments, and whose body is an -application of the unfolded primitive projection of the same name. These -constants are used when elaborating partial applications of the -projection. One can distinguish them from applications of the primitive -projection if the {\tt Printing Primitive Projection Parameters} option -is off: for a primitive projection application, parameters are printed -as underscores while for the compatibility projections they are printed -as usual. - -Additionally, user-written {\tt match} constructs on primitive records -are desugared into substitution of the projections, they cannot be -printed back as {\tt match} constructs. - - % - r.(p) and (p r) elaborate to native projection application, and - % the parameters cannot be mentioned. The following arguments are - % parsed according to the remaining implicit arguments declared for the - % projection (i.e. the implicit arguments after the record type - % argument). In dot notation, the record type argument is considered - % explicit no matter what its implicit status is. - % - r.(@p params) and @p args are parsed as regular applications of the - % projection with explicit parameters. - % - [simpl p] is forbidden, but [simpl @p] will simplify both the projection - % and its explicit [@p] version. - % - [unfold p] has no effect on projection applications unless it is applied - % to a constructor. If the explicit version appears it reduces to the - % projection application. - % - [pattern x at n], [rewrite x at n] and in general abstraction and selection - % of occurrences may fail due to the disappearance of parameters. - -\section{Variants and extensions of {\mbox{\tt match}} -\label{Extensions-of-match} -\index{match@{\tt match\ldots with\ldots end}}} - -\subsection{Multiple and nested pattern-matching -\index{ML-like patterns} -\label{Mult-match}} - -The basic version of \verb+match+ allows pattern-matching on simple -patterns. As an extension, multiple nested patterns or disjunction of -patterns are allowed, as in ML-like languages. - -The extension just acts as a macro that is expanded during parsing -into a sequence of {\tt match} on simple patterns. Especially, a -construction defined using the extended {\tt match} is generally -printed under its expanded form (see~\texttt{Set Printing Matching} in -section~\ref{SetPrintingMatching}). - -\SeeAlso Chapter~\ref{Mult-match-full}. - -\subsection{Pattern-matching on boolean values: the {\tt if} expression -\label{if-then-else} -\index{if@{\tt if ... then ... else}}} - -For inductive types with exactly two constructors and for -pattern-matchings expressions which do not depend on the arguments of -the constructors, it is possible to use a {\tt if ... then ... else} -notation. For instance, the definition - -\begin{coq_example} -Definition not (b:bool) := - match b with - | true => false - | false => true - end. -\end{coq_example} - -\noindent can be alternatively written - -\begin{coq_eval} -Reset not. -\end{coq_eval} -\begin{coq_example} -Definition not (b:bool) := if b then false else true. -\end{coq_example} - -More generally, for an inductive type with constructors {\tt C$_1$} -and {\tt C$_2$}, we have the following equivalence - -\smallskip - -{\tt if {\term} \zeroone{\ifitem} then {\term}$_1$ else {\term}$_2$} $\equiv$ -\begin{tabular}[c]{l} -{\tt match {\term} \zeroone{\ifitem} with}\\ -{\tt \verb!|! C$_1$ \_ {\ldots} \_ \verb!=>! {\term}$_1$} \\ -{\tt \verb!|! C$_2$ \_ {\ldots} \_ \verb!=>! {\term}$_2$} \\ -{\tt end} -\end{tabular} - -Here is an example. - -\begin{coq_example} -Check (fun x (H:{x=0}+{x<>0}) => - match H with - | left _ => true - | right _ => false - end). -\end{coq_example} - -Notice that the printing uses the {\tt if} syntax because {\tt sumbool} is -declared as such (see Section~\ref{printing-options}). - -\subsection{Irrefutable patterns: the destructuring {\tt let} variants -\index{let in@{\tt let ... in}} -\label{Letin}} - -Pattern-matching on terms inhabiting inductive type having only one -constructor can be alternatively written using {\tt let ... in ...} -constructions. There are two variants of them. - -\subsubsection{First destructuring {\tt let} syntax} -The expression {\tt let -(}~{\ident$_1$},\ldots,{\ident$_n$}~{\tt ) :=}~{\term$_0$}~{\tt -in}~{\term$_1$} performs case analysis on a {\term$_0$} which must be in -an inductive type with one constructor having itself $n$ arguments. Variables -{\ident$_1$}\ldots{\ident$_n$} are bound to the $n$ arguments of the -constructor in expression {\term$_1$}. For instance, the definition - -\begin{coq_example} -Definition fst (A B:Set) (H:A * B) := match H with - | pair x y => x - end. -\end{coq_example} - -can be alternatively written - -\begin{coq_eval} -Reset fst. -\end{coq_eval} -\begin{coq_example} -Definition fst (A B:Set) (p:A * B) := let (x, _) := p in x. -\end{coq_example} -Notice that reduction is different from regular {\tt let ... in ...} -construction since it happens only if {\term$_0$} is in constructor -form. Otherwise, the reduction is blocked. - -The pretty-printing of a definition by matching on a -irrefutable pattern can either be done using {\tt match} or the {\tt -let} construction (see Section~\ref{printing-options}). - -If {\term} inhabits an inductive type with one constructor {\tt C}, -we have an equivalence between - -{\tt let ({\ident}$_1$,\ldots,{\ident}$_n$) \zeroone{\ifitem} := {\term} in {\term}'} - -\noindent and - -{\tt match {\term} \zeroone{\ifitem} with C {\ident}$_1$ {\ldots} {\ident}$_n$ \verb!=>! {\term}' end} - - -\subsubsection{Second destructuring {\tt let} syntax\index{let '... in@\texttt{let '... in}}} - -Another destructuring {\tt let} syntax is available for inductive types with -one constructor by giving an arbitrary pattern instead of just a tuple -for all the arguments. For example, the preceding example can be written: -\begin{coq_eval} -Reset fst. -\end{coq_eval} -\begin{coq_example} -Definition fst (A B:Set) (p:A*B) := let 'pair x _ := p in x. -\end{coq_example} - -This is useful to match deeper inside tuples and also to use notations -for the pattern, as the syntax {\tt let 'p := t in b} allows arbitrary -patterns to do the deconstruction. For example: - -\begin{coq_example} -Definition deep_tuple (A:Set) (x:(A*A)*(A*A)) : A*A*A*A := - let '((a,b), (c, d)) := x in (a,b,c,d). -Notation " x 'With' p " := (exist _ x p) (at level 20). -Definition proj1_sig' (A:Set) (P:A->Prop) (t:{ x:A | P x }) : A := - let 'x With p := t in x. -\end{coq_example} - -When printing definitions which are written using this construct it -takes precedence over {\tt let} printing directives for the datatype -under consideration (see Section~\ref{printing-options}). - -\subsection{Controlling pretty-printing of {\tt match} expressions -\label{printing-options}} - -The following commands give some control over the pretty-printing of -{\tt match} expressions. - -\subsubsection{Printing nested patterns -\label{SetPrintingMatching} -\optindex{Printing Matching}} - -The Calculus of Inductive Constructions knows pattern-matching only -over simple patterns. It is however convenient to re-factorize nested -pattern-matching into a single pattern-matching over a nested pattern. -{\Coq}'s printer try to do such limited re-factorization. - -\begin{quote} -{\tt Set Printing Matching.} -\end{quote} -This tells {\Coq} to try to use nested patterns. This is the default -behavior. - -\begin{quote} -{\tt Unset Printing Matching.} -\end{quote} -This tells {\Coq} to print only simple pattern-matching problems in -the same way as the {\Coq} kernel handles them. - -\begin{quote} -{\tt Test Printing Matching.} -\end{quote} -This tells if the printing matching mode is on or off. The default is -on. - -\subsubsection{Factorization of clauses with same right-hand side} -\label{SetPrintingFactorizableMatchPatterns} -\optindex{Printing Factorizable Match Patterns} - -When several patterns share the same right-hand side, it is -additionally possible to share the clauses using disjunctive patterns. -Assuming that the printing matching mode is on, whether {\Coq}'s -printer shall try to do this kind of factorization is governed by the -following commands: - -\begin{quote} -{\tt Set Printing Factorizable Match Patterns.} -\end{quote} -This tells {\Coq}'s printer to try to use disjunctive patterns. This is the default -behavior. - -\begin{quote} -{\tt Unset Printing Factorizable Match Patterns.} -\end{quote} -This tells {\Coq}'s printer not to try to use disjunctive patterns. - -\begin{quote} -{\tt Test Printing Factorizable Match Patterns.} -\end{quote} -This tells if the factorization of clauses with same right-hand side is -on or off. - -\subsubsection{Use of a default clause} -\label{SetPrintingAllowDefaultClause} -\optindex{Printing Allow Default Clause} - -When several patterns share the same right-hand side which do not -depend on the arguments of the patterns, yet an extra factorization is -possible: the disjunction of patterns can be replaced with a ``{\tt - \_}'' default clause. Assuming that the printing matching mode and -the factorization mode are on, whether {\Coq}'s printer shall try to -use a default clause is governed by the following commands: - -\begin{quote} -{\tt Set Printing Allow Default Clause.} -\end{quote} -This tells {\Coq}'s printer to use a default clause when relevant. This is the default -behavior. - -\begin{quote} -{\tt Unset Printing Allow Default Clause.} -\end{quote} -This tells {\Coq}'s printer not to use a default clause. - -\begin{quote} -{\tt Test Printing Allow Default Clause.} -\end{quote} -This tells if the use of a default clause is allowed. - -\subsubsection{Printing of wildcard pattern -\optindex{Printing Wildcard}} - -Some variables in a pattern may not occur in the right-hand side of -the pattern-matching clause. There are options to control the -display of these variables. - -\begin{quote} -{\tt Set Printing Wildcard.} -\end{quote} -The variables having no occurrences in the right-hand side of the -pattern-matching clause are just printed using the wildcard symbol -``{\tt \_}''. - -\begin{quote} -{\tt Unset Printing Wildcard.} -\end{quote} -The variables, even useless, are printed using their usual name. But some -non dependent variables have no name. These ones are still printed -using a ``{\tt \_}''. - -\begin{quote} -{\tt Test Printing Wildcard.} -\end{quote} -This tells if the wildcard printing mode is on or off. The default is -to print wildcard for useless variables. - -\subsubsection{Printing of the elimination predicate -\optindex{Printing Synth}} - -In most of the cases, the type of the result of a matched term is -mechanically synthesizable. Especially, if the result type does not -depend of the matched term. - -\begin{quote} -{\tt Set Printing Synth.} -\end{quote} -The result type is not printed when {\Coq} knows that it can -re-synthesize it. - -\begin{quote} -{\tt Unset Printing Synth.} -\end{quote} -This forces the result type to be always printed. - -\begin{quote} -{\tt Test Printing Synth.} -\end{quote} -This tells if the non-printing of synthesizable types is on or off. -The default is to not print synthesizable types. - -\subsubsection{Printing matching on irrefutable pattern -\label{AddPrintingLet} -\comindex{Add Printing Let {\ident}} -\comindex{Remove Printing Let {\ident}} -\comindex{Test Printing Let for {\ident}} -\comindex{Print Table Printing Let}} - -If an inductive type has just one constructor, -pattern-matching can be written using the first destructuring let syntax. - -\begin{quote} -{\tt Add Printing Let {\ident}.} -\end{quote} -This adds {\ident} to the list of inductive types for which -pattern-matching is written using a {\tt let} expression. - -\begin{quote} -{\tt Remove Printing Let {\ident}.} -\end{quote} -This removes {\ident} from this list. Note that removing an inductive -type from this list has an impact only for pattern-matching written using -\texttt{match}. Pattern-matching explicitly written using a destructuring -let are not impacted. - -\begin{quote} -{\tt Test Printing Let for {\ident}.} -\end{quote} -This tells if {\ident} belongs to the list. - -\begin{quote} -{\tt Print Table Printing Let.} -\end{quote} -This prints the list of inductive types for which pattern-matching is -written using a {\tt let} expression. - -The list of inductive types for which pattern-matching is written -using a {\tt let} expression is managed synchronously. This means that -it is sensible to the command {\tt Reset}. - -\subsubsection{Printing matching on booleans -\comindex{Add Printing If {\ident}} -\comindex{Remove Printing If {\ident}} -\comindex{Test Printing If for {\ident}} -\comindex{Print Table Printing If}} - -If an inductive type is isomorphic to the boolean type, -pattern-matching can be written using {\tt if} ... {\tt then} ... {\tt - else} ... - -\begin{quote} -{\tt Add Printing If {\ident}.} -\end{quote} -This adds {\ident} to the list of inductive types for which -pattern-matching is written using an {\tt if} expression. - -\begin{quote} -{\tt Remove Printing If {\ident}.} -\end{quote} -This removes {\ident} from this list. - -\begin{quote} -{\tt Test Printing If for {\ident}.} -\end{quote} -This tells if {\ident} belongs to the list. - -\begin{quote} -{\tt Print Table Printing If.} -\end{quote} -This prints the list of inductive types for which pattern-matching is -written using an {\tt if} expression. - -The list of inductive types for which pattern-matching is written -using an {\tt if} expression is managed synchronously. This means that -it is sensible to the command {\tt Reset}. - -\subsubsection{Example} - -This example emphasizes what the printing options offer. - -\begin{coq_example} -Definition snd (A B:Set) (H:A * B) := match H with - | pair x y => y - end. -Test Printing Let for prod. -Print snd. -Remove Printing Let prod. -Unset Printing Synth. -Unset Printing Wildcard. -Print snd. -\end{coq_example} -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\subsection{Printing \mbox{\tt match} templates} - -The {\tt Show Match} vernacular command prints a {\tt match} template for -a given type. See Section~\ref{Show}. - -% \subsection{Still not dead old notations} - -% The following variant of {\tt match} is inherited from older version -% of {\Coq}. - -% \medskip -% \begin{tabular}{lcl} -% {\term} & ::= & {\annotation} {\tt Match} {\term} {\tt with} {\terms} {\tt end}\\ -% \end{tabular} -% \medskip - -% This syntax is a macro generating a combination of {\tt match} with {\tt -% Fix} implementing a combinator for primitive recursion equivalent to -% the {\tt Match} construction of \Coq\ V5.8. It is provided only for -% sake of compatibility with \Coq\ V5.8. It is recommended to avoid it. -% (see Section~\ref{Matchexpr}). - -% There is also a notation \texttt{Case} that is the -% ancestor of \texttt{match}. Again, it is still in the code for -% compatibility with old versions but the user should not use it. - -% Explained in RefMan-gal.tex -%% \section{Forced type} - -%% In some cases, one may wish to assign a particular type to a term. The -%% syntax to force the type of a term is the following: - -%% \medskip -%% \begin{tabular}{lcl} -%% {\term} & ++= & {\term} {\tt :} {\term}\\ -%% \end{tabular} -%% \medskip - -%% It forces the first term to be of type the second term. The -%% type must be compatible with -%% the term. More precisely it must be either a type convertible to -%% the automatically inferred type (see Chapter~\ref{Cic}) or a type -%% coercible to it, (see \ref{Coercions}). When the type of a -%% whole expression is forced, it is usually not necessary to give the types of -%% the variables involved in the term. - -%% Example: - -%% \begin{coq_example} -%% Definition ID := forall X:Set, X -> X. -%% Definition id := (fun X x => x):ID. -%% Check id. -%% \end{coq_example} - -\section{Advanced recursive functions} - -The following \emph{experimental} command is available -when the {\tt FunInd} library has been loaded via {\tt Require Import FunInd}: -\begin{center} - \texttt{Function {\ident} {\binder$_1$}\ldots{\binder$_n$} - \{decrease\_annot\} : type$_0$ := \term$_0$} - \comindex{Function} - \label{Function} -\end{center} -This command can be seen as a generalization of {\tt Fixpoint}. It is actually -a wrapper for several ways of defining a function \emph{and other useful - related objects}, namely: an induction principle that reflects the -recursive structure of the function (see \ref{FunInduction}) and its -fixpoint equality. - The meaning of this -declaration is to define a function {\it ident}, similarly to {\tt - Fixpoint}. Like in {\tt Fixpoint}, the decreasing argument must be -given (unless the function is not recursive), but it might not -necessarily be \emph{structurally} decreasing. The point of the {\tt - \{\}} annotation is to name the decreasing argument \emph{and} to -describe which kind of decreasing criteria must be used to ensure -termination of recursive calls. - -The {\tt Function} construction also enjoys the {\tt with} extension -to define mutually recursive definitions. However, this feature does -not work for non structurally recursive functions. % VRAI?? - -See the documentation of {\tt functional induction} -(see Section~\ref{FunInduction}) and {\tt Functional Scheme} -(see Section~\ref{FunScheme} and \ref{FunScheme-examples}) for how to use the -induction principle to easily reason about the function. - -\noindent {\bf Remark: } To obtain the right principle, it is better -to put rigid parameters of the function as first arguments. For -example it is better to define plus like this: - -\begin{coq_example*} -Function plus (m n : nat) {struct n} : nat := - match n with - | 0 => m - | S p => S (plus m p) - end. -\end{coq_example*} -\noindent than like this: -\begin{coq_eval} -Reset plus. -\end{coq_eval} -\begin{coq_example*} -Function plus (n m : nat) {struct n} : nat := - match n with - | 0 => m - | S p => S (plus p m) - end. -\end{coq_example*} - -\paragraph[Limitations]{Limitations\label{sec:Function-limitations}} -\term$_0$ must be built as a \emph{pure pattern-matching tree} -(\texttt{match...with}) with applications only \emph{at the end} of -each branch. - -Function does not support partial application of the function being defined. Thus, the following example cannot be accepted due to the presence of partial application of \ident{wrong} into the body of \ident{wrong}~: -\begin{coq_eval} -Require List. -\end{coq_eval} -\begin{coq_example*} -Fail Function wrong (C:nat) : nat := - List.hd 0 (List.map wrong (C::nil)). -\end{coq_example*} - -For now dependent cases are not treated for non structurally terminating functions. - - - -\begin{ErrMsgs} -\item \errindex{The recursive argument must be specified} -\item \errindex{No argument name \ident} -\item \errindex{Cannot use mutual definition with well-founded - recursion or measure} - -\item \errindex{Cannot define graph for \ident\dots} (warning) - - The generation of the graph relation \texttt{(R\_\ident)} used to - compute the induction scheme of \ident\ raised a typing error. Only - the ident is defined; the induction scheme will not be generated. - - This error happens generally when: - - \begin{itemize} - \item the definition uses pattern matching on dependent types, which - \texttt{Function} cannot deal with yet. - \item the definition is not a \emph{pattern-matching tree} as - explained above. - \end{itemize} - -\item \errindex{Cannot define principle(s) for \ident\dots} (warning) - - The generation of the graph relation \texttt{(R\_\ident)} succeeded - but the induction principle could not be built. Only the ident is - defined. Please report. - -\item \errindex{Cannot build functional inversion principle} (warning) - - \texttt{functional inversion} will not be available for the - function. -\end{ErrMsgs} - - -\SeeAlso{\ref{FunScheme}, \ref{FunScheme-examples}, \ref{FunInduction}} - -Depending on the {\tt \{$\ldots$\}} annotation, different definition -mechanisms are used by {\tt Function}. More precise description -given below. - -\begin{Variants} -\item \texttt{ Function {\ident} {\binder$_1$}\ldots{\binder$_n$} - : type$_0$ := \term$_0$} - - Defines the not recursive function \ident\ as if declared with - \texttt{Definition}. Moreover the following are defined: - - \begin{itemize} - \item {\tt\ident\_rect}, {\tt\ident\_rec} and {\tt\ident\_ind}, - which reflect the pattern matching structure of \term$_0$ (see the - documentation of {\tt Inductive} \ref{Inductive}); - \item The inductive \texttt{R\_\ident} corresponding to the graph of - \ident\ (silently); - \item \texttt{\ident\_complete} and \texttt{\ident\_correct} which are - inversion information linking the function and its graph. - \end{itemize} -\item \texttt{Function {\ident} {\binder$_1$}\ldots{\binder$_n$} - {\tt \{}{\tt struct} \ident$_0${\tt\}} : type$_0$ := \term$_0$} - - Defines the structural recursive function \ident\ as if declared - with \texttt{Fixpoint}. Moreover the following are defined: - - \begin{itemize} - \item The same objects as above; - \item The fixpoint equation of \ident: \texttt{\ident\_equation}. - \end{itemize} - -\item \texttt{Function {\ident} {\binder$_1$}\ldots{\binder$_n$} {\tt - \{}{\tt measure \term$_1$} \ident$_0${\tt\}} : type$_0$ := - \term$_0$} -\item \texttt{Function {\ident} {\binder$_1$}\ldots{\binder$_n$} - {\tt \{}{\tt wf \term$_1$} \ident$_0${\tt\}} : type$_0$ := \term$_0$} - -Defines a recursive function by well founded recursion. \textbf{The -module \texttt{Recdef} of the standard library must be loaded for this -feature}. The {\tt \{\}} annotation is mandatory and must be one of -the following: -\begin{itemize} -\item {\tt \{measure} \term$_1$ \ident$_0${\tt\}} with \ident$_0$ - being the decreasing argument and \term$_1$ being a function - from type of \ident$_0$ to \texttt{nat} for which value on the - decreasing argument decreases (for the {\tt lt} order on {\tt - nat}) at each recursive call of \term$_0$. Parameters of the - function are bound in \term$_0$; -\item {\tt \{wf} \term$_1$ \ident$_0${\tt\}} with \ident$_0$ being - the decreasing argument and \term$_1$ an ordering relation on - the type of \ident$_0$ (i.e. of type T$_{\ident_0}$ - $\to$ T$_{\ident_0}$ $\to$ {\tt Prop}) for which - the decreasing argument decreases at each recursive call of - \term$_0$. The order must be well founded. Parameters of the - function are bound in \term$_0$. -\end{itemize} - -Depending on the annotation, the user is left with some proof -obligations that will be used to define the function. These proofs -are: proofs that each recursive call is actually decreasing with -respect to the given criteria, and (if the criteria is \texttt{wf}) a -proof that the ordering relation is well founded. - -%Completer sur measure et wf - -Once proof obligations are discharged, the following objects are -defined: - -\begin{itemize} -\item The same objects as with the \texttt{struct}; -\item The lemma \texttt{\ident\_tcc} which collects all proof - obligations in one property; -\item The lemmas \texttt{\ident\_terminate} and \texttt{\ident\_F} - which is needed to be inlined during extraction of \ident. -\end{itemize} - - - -%Complete!! -The way this recursive function is defined is the subject of several -papers by Yves Bertot and Antonia Balaa on the one hand, and Gilles Barthe, -Julien Forest, David Pichardie, and Vlad Rusu on the other hand. - -%Exemples ok ici - -\bigskip - -\noindent {\bf Remark: } Proof obligations are presented as several -subgoals belonging to a Lemma {\ident}{\tt\_tcc}. % These subgoals are independent which means that in order to -% abort them you will have to abort each separately. - - - -%The decreasing argument cannot be dependent of another?? - -%Exemples faux ici -\end{Variants} - - -\section{Section mechanism -\index{Sections} -\label{Section}} - -The sectioning mechanism can be used to to organize a proof in -structured sections. Then local declarations become available (see -Section~\ref{Basic-definitions}). - -\subsection{\tt Section {\ident}\comindex{Section}} - -This command is used to open a section named {\ident}. - -%% Discontinued ? -%% \begin{Variants} -%% \comindex{Chapter} -%% \item{\tt Chapter {\ident}}\\ -%% Same as {\tt Section {\ident}} -%% \end{Variants} - -\subsection{\tt End {\ident} -\comindex{End}} - -This command closes the section named {\ident}. After closing of the -section, the local declarations (variables and local definitions) get -{\em discharged}, meaning that they stop being visible and that all -global objects defined in the section are generalized with respect to -the variables and local definitions they each depended on in the -section. - - -Here is an example : -\begin{coq_example} -Section s1. -Variables x y : nat. -Let y' := y. -Definition x' := S x. -Definition x'' := x' + y'. -Print x'. -End s1. -Print x'. -Print x''. -\end{coq_example} -Notice the difference between the value of {\tt x'} and {\tt x''} -inside section {\tt s1} and outside. - -\begin{ErrMsgs} -\item \errindex{This is not the last opened section} -\end{ErrMsgs} - -\begin{Remarks} -\item Most commands, like {\tt Hint}, {\tt Notation}, option management, ... -which appear inside a section are canceled when the -section is closed. -% see Section~\ref{LongNames} -%\item Usually all identifiers must be distinct. -%However, a name already used in a closed section (see \ref{Section}) -%can be reused. In this case, the old name is no longer accessible. - -% Obsolète -%\item A module implicitly open a section. Be careful not to name a -%module with an identifier already used in the module (see \ref{compiled}). -\end{Remarks} - -\input{RefMan-mod.v} - -\section{Libraries and qualified names} - -\subsection{Names of libraries -\label{Libraries} -\index{Libraries}} - -The theories developed in {\Coq} are stored in {\em library files} -which are hierarchically classified into {\em libraries} and {\em - sublibraries}. To express this hierarchy, library names are -represented by qualified identifiers {\qualid}, i.e. as list of -identifiers separated by dots (see Section~\ref{qualid}). For -instance, the library file {\tt Mult} of the standard {\Coq} library -{\tt Arith} is named {\tt Coq.Arith.Mult}. The identifier that starts -the name of a library is called a {\em library root}. All library -files of the standard library of {\Coq} have the reserved root {\tt Coq} -but library file names based on other roots can be obtained by using -{\Coq} commands ({\tt coqc}, {\tt coqtop}, {\tt coqdep}, \dots) options -{\tt -Q} or {\tt -R} (see Section~\ref{coqoptions}). Also, when an -interactive {\Coq} session starts, a library of root {\tt Top} is -started, unless option {\tt -top} is set (see -Section~\ref{coqoptions}). - -\subsection{Qualified names -\label{LongNames} -\index{Qualified identifiers} -\index{Absolute names}} - -Library files are modules which possibly contain submodules which -eventually contain constructions (axioms, parameters, definitions, -lemmas, theorems, remarks or facts). The {\em absolute name}, or {\em -full name}, of a construction in some library file is a qualified -identifier starting with the logical name of the library file, -followed by the sequence of submodules names encapsulating the -construction and ended by the proper name of the construction. -Typically, the absolute name {\tt Coq.Init.Logic.eq} denotes Leibniz' -equality defined in the module {\tt Logic} in the sublibrary {\tt -Init} of the standard library of \Coq. - -The proper name that ends the name of a construction is the {\it short -name} (or sometimes {\it base name}) of the construction (for -instance, the short name of {\tt Coq.Init.Logic.eq} is {\tt eq}). Any -partial suffix of the absolute name is a {\em partially qualified name} -(e.g. {\tt Logic.eq} is a partially qualified name for {\tt -Coq.Init.Logic.eq}). Especially, the short name of a construction is -its shortest partially qualified name. - -{\Coq} does not accept two constructions (definition, theorem, ...) -with the same absolute name but different constructions can have the -same short name (or even same partially qualified names as soon as the -full names are different). - -Notice that the notion of absolute, partially qualified and -short names also applies to library file names. - -\paragraph{Visibility} - -{\Coq} maintains a table called {\it name table} which maps partially -qualified names of constructions to absolute names. This table is -updated by the commands {\tt Require} (see \ref{Require}), {\tt -Import} and {\tt Export} (see \ref{Import}) and also each time a new -declaration is added to the context. An absolute name is called {\it -visible} from a given short or partially qualified name when this -latter name is enough to denote it. This means that the short or -partially qualified name is mapped to the absolute name in {\Coq} name -table. Definitions flagged as {\tt Local} are only accessible with their -fully qualified name (see \ref{Definition}). - -It may happen that a visible name is hidden by the short name or a -qualified name of another construction. In this case, the name that -has been hidden must be referred to using one more level of -qualification. To ensure that a construction always remains -accessible, absolute names can never be hidden. - -Examples: -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example} -Check 0. -Definition nat := bool. -Check 0. -Check Datatypes.nat. -Locate nat. -\end{coq_example} - -\SeeAlso Command {\tt Locate} in Section~\ref{Locate} and {\tt Locate -Library} in Section~\ref{Locate Library}. - -\subsection{Libraries and filesystem\label{loadpath}\index{Loadpath} -\index{Physical paths} \index{Logical paths}} - -Please note that the questions described here have been subject to -redesign in Coq v8.5. Former versions of Coq use the same terminology -to describe slightly different things. - -Compiled files (\texttt{.vo} and \texttt{.vio}) store sub-libraries. In -order to refer to them inside {\Coq}, a translation from file-system -names to {\Coq} names is needed. In this translation, names in the -file system are called {\em physical} paths while {\Coq} names are -contrastingly called {\em logical} names. - -A logical prefix {\tt Lib} can be associated to a physical path -\textrm{\textsl{path}} using the command line option {\tt -Q} -\textrm{\textsl{path}} {\tt Lib}. All subfolders of {\textsl{path}} are -recursively associated to the logical path {\tt Lib} extended with the -corresponding suffix coming from the physical path. For instance, the -folder {\tt path/fOO/Bar} maps to {\tt Lib.fOO.Bar}. Subdirectories -corresponding to invalid {\Coq} identifiers are skipped, and, by -convention, subdirectories named {\tt CVS} or {\tt \_darcs} are -skipped too. - -Thanks to this mechanism, {\texttt{.vo}} files are made available through the -logical name of the folder they are in, extended with their own basename. For -example, the name associated to the file {\tt path/fOO/Bar/File.vo} is -{\tt Lib.fOO.Bar.File}. The same caveat applies for invalid identifiers. -When compiling a source file, the {\texttt{.vo}} file stores its logical name, -so that an error is issued if it is loaded with the wrong loadpath afterwards. - -Some folders have a special status and are automatically put in the path. -{\Coq} commands associate automatically a logical path to files -in the repository trees rooted at the directory from where the command -is launched, \textit{coqlib}\texttt{/user-contrib/}, the directories -listed in the \verb:$COQPATH:, \verb:${XDG_DATA_HOME}/coq/: and -\verb:${XDG_DATA_DIRS}/coq/: environment variables (see -\url{http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html}) -with the same physical-to-logical translation and with an empty logical prefix. - -The command line option \texttt{-R} is a variant of \texttt{-Q} which has the -strictly same behavior regarding loadpaths, but which also makes the -corresponding \texttt{.vo} files available through their short names in a -way not unlike the {\tt Import} command (see~{\ref{Import}}). For instance, -\texttt{-R} \textrm{\textsl{path}} \texttt{Lib} associates to the file -\texttt{path/fOO/Bar/File.vo} the logical name \texttt{Lib.fOO.Bar.File}, but -allows this file to be accessed through the short names \texttt{fOO.Bar.File}, -\texttt{Bar.File} and \texttt{File}. If several files with identical base name -are present in different subdirectories of a recursive loadpath, which of -these files is found first may be system-dependent and explicit -qualification is recommended. The {\tt From} argument of the {\tt Require} -command can be used to bypass the implicit shortening by providing an absolute -root to the required file (see~\ref{Require}). - -There also exists another independent loadpath mechanism attached to {\ocaml} -object files (\texttt{.cmo} or \texttt{.cmxs}) rather than {\Coq} object files -as described above. The {\ocaml} loadpath is managed using the option -\texttt{-I path} (in the {\ocaml} world, there is neither a notion of logical -name prefix nor a way to access files in subdirectories of \texttt{path}). -See the command \texttt{Declare ML Module} in Section~\ref{compiled} to -understand the need of the {\ocaml} loadpath. - -See Section~\ref{coqoptions} for a more general view over the {\Coq} -command line options. - -%% \paragraph{The special case of remarks and facts} -%% -%% In contrast with definitions, lemmas, theorems, axioms and parameters, -%% the absolute name of remarks includes the segment of sections in which -%% it is defined. Concretely, if a remark {\tt R} is defined in -%% subsection {\tt S2} of section {\tt S1} in module {\tt M}, then its -%% absolute name is {\tt M.S1.S2.R}. The same for facts, except that the -%% name of the innermost section is dropped from the full name. Then, if -%% a fact {\tt F} is defined in subsection {\tt S2} of section {\tt S1} -%% in module {\tt M}, then its absolute name is {\tt M.S1.F}. - -\section{Implicit arguments -\index{Implicit arguments} -\label{Implicit Arguments}} - -An implicit argument of a function is an argument which can be -inferred from contextual knowledge. There are different kinds of -implicit arguments that can be considered implicit in different -ways. There are also various commands to control the setting or the -inference of implicit arguments. - -\subsection{The different kinds of implicit arguments} - -\subsubsection{Implicit arguments inferable from the knowledge of other -arguments of a function} - -The first kind of implicit arguments covers the arguments that are -inferable from the knowledge of the type of other arguments of the -function, or of the type of the surrounding context of the -application. Especially, such implicit arguments correspond to -parameters dependent in the type of the function. Typical implicit -arguments are the type arguments in polymorphic functions. -There are several kinds of such implicit arguments. - -\paragraph{Strict Implicit Arguments.} -An implicit argument can be either strict or non strict. An implicit -argument is said {\em strict} if, whatever the other arguments of the -function are, it is still inferable from the type of some other -argument. Technically, an implicit argument is strict if it -corresponds to a parameter which is not applied to a variable which -itself is another parameter of the function (since this parameter -may erase its arguments), not in the body of a {\tt match}, and not -itself applied or matched against patterns (since the original -form of the argument can be lost by reduction). - -For instance, the first argument of -\begin{quote} -\verb|cons: forall A:Set, A -> list A -> list A| -\end{quote} -in module {\tt List.v} is strict because {\tt list} is an inductive -type and {\tt A} will always be inferable from the type {\tt -list A} of the third argument of {\tt cons}. -On the contrary, the second argument of a term of type -\begin{quote} -\verb|forall P:nat->Prop, forall n:nat, P n -> ex nat P| -\end{quote} -is implicit but not strict, since it can only be inferred from the -type {\tt P n} of the third argument and if {\tt P} is, e.g., {\tt -fun \_ => True}, it reduces to an expression where {\tt n} does not -occur any longer. The first argument {\tt P} is implicit but not -strict either because it can only be inferred from {\tt P n} and {\tt -P} is not canonically inferable from an arbitrary {\tt n} and the -normal form of {\tt P n} (consider e.g. that {\tt n} is {\tt 0} and -the third argument has type {\tt True}, then any {\tt P} of the form -{\tt fun n => match n with 0 => True | \_ => \mbox{\em anything} end} would -be a solution of the inference problem). - -\paragraph{Contextual Implicit Arguments.} -An implicit argument can be {\em contextual} or not. An implicit -argument is said {\em contextual} if it can be inferred only from the -knowledge of the type of the context of the current expression. For -instance, the only argument of -\begin{quote} -\verb|nil : forall A:Set, list A| -\end{quote} -is contextual. Similarly, both arguments of a term of type -\begin{quote} -\verb|forall P:nat->Prop, forall n:nat, P n \/ n = 0| -\end{quote} -are contextual (moreover, {\tt n} is strict and {\tt P} is not). - -\paragraph{Reversible-Pattern Implicit Arguments.} -There is another class of implicit arguments that can be reinferred -unambiguously if all the types of the remaining arguments are -known. This is the class of implicit arguments occurring in the type -of another argument in position of reversible pattern, which means it -is at the head of an application but applied only to uninstantiated -distinct variables. Such an implicit argument is called {\em -reversible-pattern implicit argument}. A typical example is the -argument {\tt P} of {\tt nat\_rec} in -\begin{quote} -{\tt nat\_rec : forall P : nat -> Set, - P 0 -> (forall n : nat, P n -> P (S n)) -> forall x : nat, P x}. -\end{quote} -({\tt P} is reinferable by abstracting over {\tt n} in the type {\tt P n}). - -See Section~\ref{SetReversiblePatternImplicit} for the automatic declaration -of reversible-pattern implicit arguments. - -\subsubsection{Implicit arguments inferable by resolution} - -This corresponds to a class of non dependent implicit arguments that -are solved based on the structure of their type only. - -\subsection{Maximal or non maximal insertion of implicit arguments} - -In case a function is partially applied, and the next argument to be -applied is an implicit argument, two disciplines are applicable. In the -first case, the function is considered to have no arguments furtherly: -one says that the implicit argument is not maximally inserted. In -the second case, the function is considered to be implicitly applied -to the implicit arguments it is waiting for: one says that the -implicit argument is maximally inserted. - -Each implicit argument can be declared to have to be inserted -maximally or non maximally. This can be governed argument per argument -by the command {\tt Implicit Arguments} (see~\ref{ImplicitArguments}) -or globally by the command {\tt Set Maximal Implicit Insertion} -(see~\ref{SetMaximalImplicitInsertion}). See also -Section~\ref{PrintImplicit}. - -\subsection{Casual use of implicit arguments} - -In a given expression, if it is clear that some argument of a function -can be inferred from the type of the other arguments, the user can -force the given argument to be guessed by replacing it by ``{\tt \_}''. If -possible, the correct argument will be automatically generated. - -\begin{ErrMsgs} - -\item \errindex{Cannot infer a term for this placeholder} - - {\Coq} was not able to deduce an instantiation of a ``{\tt \_}''. - -\end{ErrMsgs} - -\subsection{Declaration of implicit arguments -\comindex{Arguments}} -\label{ImplicitArguments} - -In case one wants that some arguments of a given object (constant, -inductive types, constructors, assumptions, local or not) are always -inferred by Coq, one may declare once and for all which are the expected -implicit arguments of this object. There are two ways to do this, -a priori and a posteriori. - -\subsubsection{Implicit Argument Binders} - -In the first setting, one wants to explicitly give the implicit -arguments of a declared object as part of its definition. To do this, one has -to surround the bindings of implicit arguments by curly braces: -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example} -Definition id {A : Type} (x : A) : A := x. -\end{coq_example} - -This automatically declares the argument {\tt A} of {\tt id} as a -maximally inserted implicit argument. One can then do as-if the argument -was absent in every situation but still be able to specify it if needed: -\begin{coq_example} -Definition compose {A B C} (g : B -> C) (f : A -> B) := - fun x => g (f x). -Goal forall A, compose id id = id (A:=A). -\end{coq_example} - -The syntax is supported in all top-level definitions: {\tt Definition}, -{\tt Fixpoint}, {\tt Lemma} and so on. For (co-)inductive datatype -declarations, the semantics are the following: an inductive parameter -declared as an implicit argument need not be repeated in the inductive -definition but will become implicit for the constructors of the -inductive only, not the inductive type itself. For example: - -\begin{coq_example} -Inductive list {A : Type} : Type := -| nil : list -| cons : A -> list -> list. -Print list. -\end{coq_example} - -One can always specify the parameter if it is not uniform using the -usual implicit arguments disambiguation syntax. - -\subsubsection{Declaring Implicit Arguments} - -To set implicit arguments a posteriori, one can use the -command: -\begin{quote} -\tt Arguments {\qualid} \nelist{\possiblybracketedident}{} -\end{quote} -where the list of {\possiblybracketedident} is a prefix of the list of arguments -of {\qualid} where the ones to be declared implicit are surrounded by square -brackets and the ones to be declared as maximally inserted implicits are -surrounded by curly braces. - -After the above declaration is issued, implicit arguments can just (and -have to) be skipped in any expression involving an application of -{\qualid}. - -Implicit arguments can be cleared with the following syntax: - -\begin{quote} -{\tt Arguments {\qualid} : clear implicits -\comindex{Arguments}} -\end{quote} - -\begin{Variants} -\item {\tt Global Arguments {\qualid} \nelist{\possiblybracketedident}{} -\comindex{Global Arguments}} - -Tell to recompute the implicit arguments of {\qualid} after ending of -the current section if any, enforcing the implicit arguments known -from inside the section to be the ones declared by the command. - -\item {\tt Local Arguments {\qualid} \nelist{\possiblybracketedident}{} -\comindex{Local Arguments}} - -When in a module, tell not to activate the implicit arguments of -{\qualid} declared by this command to contexts that require the -module. - -\item {\tt \zeroone{Global {\sl |} Local} Arguments {\qualid} \sequence{\nelist{\possiblybracketedident}{}}{,}} - -For names of constants, inductive types, constructors, lemmas which -can only be applied to a fixed number of arguments (this excludes for -instance constants whose type is polymorphic), multiple -implicit arguments decflarations can be given. -Depending on the number of arguments {\qualid} is applied -to in practice, the longest applicable list of implicit arguments is -used to select which implicit arguments are inserted. - -For printing, the omitted arguments are the ones of the longest list -of implicit arguments of the sequence. - -\end{Variants} - -\Example -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example*} -Inductive list (A:Type) : Type := - | nil : list A - | cons : A -> list A -> list A. -\end{coq_example*} -\begin{coq_example} -Check (cons nat 3 (nil nat)). -Arguments cons [A] _ _. -Arguments nil [A]. -Check (cons 3 nil). -Fixpoint map (A B:Type) (f:A->B) (l:list A) : list B := - match l with nil => nil | cons a t => cons (f a) (map A B f t) end. -Fixpoint length (A:Type) (l:list A) : nat := - match l with nil => 0 | cons _ m => S (length A m) end. -Arguments map [A B] f l. -Arguments length {A} l. (* A has to be maximally inserted *) -Check (fun l:list (list nat) => map length l). -Arguments map [A B] f l, [A] B f l, A B f l. -Check (fun l => map length l = map (list nat) nat length l). -\end{coq_example} - -\Rem To know which are the implicit arguments of an object, use the command -{\tt Print Implicit} (see \ref{PrintImplicit}). - -\subsection{Automatic declaration of implicit arguments} - -{\Coq} can also automatically detect what are the implicit arguments -of a defined object. The command is just -\begin{quote} -{\tt Arguments {\qualid} : default implicits -\comindex{Arguments}} -\end{quote} -The auto-detection is governed by options telling if strict, -contextual, or reversible-pattern implicit arguments must be -considered or not (see -Sections~\ref{SetStrictImplicit},~\ref{SetContextualImplicit},~\ref{SetReversiblePatternImplicit} -and also~\ref{SetMaximalImplicitInsertion}). - -\begin{Variants} -\item {\tt Global Arguments {\qualid} : default implicits -\comindex{Global Arguments}} - -Tell to recompute the implicit arguments of {\qualid} after ending of -the current section if any. - -\item {\tt Local Arguments {\qualid} : default implicits -\comindex{Local Arguments}} - -When in a module, tell not to activate the implicit arguments of -{\qualid} computed by this declaration to contexts that requires the -module. - -\end{Variants} - -\Example -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example*} -Inductive list (A:Set) : Set := - | nil : list A - | cons : A -> list A -> list A. -\end{coq_example*} -\begin{coq_example} -Arguments cons : default implicits. -Print Implicit cons. -Arguments nil : default implicits. -Print Implicit nil. -Set Contextual Implicit. -Arguments nil : default implicits. -Print Implicit nil. -\end{coq_example} - -The computation of implicit arguments takes account of the -unfolding of constants. For instance, the variable {\tt p} below has -type {\tt (Transitivity R)} which is reducible to {\tt forall x,y:U, R x -y -> forall z:U, R y z -> R x z}. As the variables {\tt x}, {\tt y} and -{\tt z} appear strictly in body of the type, they are implicit. - -\begin{coq_example*} -Variable X : Type. -Definition Relation := X -> X -> Prop. -Definition Transitivity (R:Relation) := - forall x y:X, R x y -> forall z:X, R y z -> R x z. -Variables (R : Relation) (p : Transitivity R). -Arguments p : default implicits. -\end{coq_example*} -\begin{coq_example} -Print p. -Print Implicit p. -\end{coq_example} -\begin{coq_example*} -Variables (a b c : X) (r1 : R a b) (r2 : R b c). -\end{coq_example*} -\begin{coq_example} -Check (p r1 r2). -\end{coq_example} - -\subsection{Mode for automatic declaration of implicit arguments -\label{Auto-implicit} -\optindex{Implicit Arguments}} - -In case one wants to systematically declare implicit the arguments -detectable as such, one may switch to the automatic declaration of -implicit arguments mode by using the command -\begin{quote} -\tt Set Implicit Arguments. -\end{quote} -Conversely, one may unset the mode by using {\tt Unset Implicit -Arguments}. The mode is off by default. Auto-detection of implicit -arguments is governed by options controlling whether strict and -contextual implicit arguments have to be considered or not. - -\subsection{Controlling strict implicit arguments -\optindex{Strict Implicit} -\label{SetStrictImplicit}} - -When the mode for automatic declaration of implicit arguments is on, -the default is to automatically set implicit only the strict implicit -arguments plus, for historical reasons, a small subset of the non -strict implicit arguments. To relax this constraint and to -set implicit all non strict implicit arguments by default, use the command -\begin{quote} -\tt Unset Strict Implicit. -\end{quote} -Conversely, use the command {\tt Set Strict Implicit} to -restore the original mode that declares implicit only the strict implicit arguments plus a small subset of the non strict implicit arguments. - -In the other way round, to capture exactly the strict implicit arguments and no more than the strict implicit arguments, use the command: -\optindex{Strongly Strict Implicit} -\begin{quote} -\tt Set Strongly Strict Implicit. -\end{quote} -Conversely, use the command {\tt Unset Strongly Strict Implicit} to -let the option ``{\tt Strict Implicit}'' decide what to do. - -\Rem In versions of {\Coq} prior to version 8.0, the default was to -declare the strict implicit arguments as implicit. - -\subsection{Controlling contextual implicit arguments -\optindex{Contextual Implicit} -\label{SetContextualImplicit}} - -By default, {\Coq} does not automatically set implicit the contextual -implicit arguments. To tell {\Coq} to infer also contextual implicit -argument, use command -\begin{quote} -\tt Set Contextual Implicit. -\end{quote} -Conversely, use command {\tt Unset Contextual Implicit} to -unset the contextual implicit mode. - -\subsection{Controlling reversible-pattern implicit arguments -\optindex{Reversible Pattern Implicit} -\label{SetReversiblePatternImplicit}} - -By default, {\Coq} does not automatically set implicit the reversible-pattern -implicit arguments. To tell {\Coq} to infer also reversible-pattern implicit -argument, use command -\begin{quote} -\tt Set Reversible Pattern Implicit. -\end{quote} -Conversely, use command {\tt Unset Reversible Pattern Implicit} to -unset the reversible-pattern implicit mode. - -\subsection{Controlling the insertion of implicit arguments not followed by explicit arguments -\optindex{Maximal Implicit Insertion} -\label{SetMaximalImplicitInsertion}} - -Implicit arguments can be declared to be automatically inserted when a -function is partially applied and the next argument of the function is -an implicit one. In case the implicit arguments are automatically -declared (with the command {\tt Set Implicit Arguments}), the command -\begin{quote} -\tt Set Maximal Implicit Insertion. -\end{quote} -is used to tell to declare the implicit arguments with a maximal -insertion status. By default, automatically declared implicit -arguments are not declared to be insertable maximally. To restore the -default mode for maximal insertion, use command {\tt Unset Maximal -Implicit Insertion}. - -\subsection{Explicit applications -\index{Explicitly given implicit arguments} -\label{Implicits-explicitation} -\index{qualid@{\qualid}} \index{\symbol{64}}} - -In presence of non strict or contextual argument, or in presence of -partial applications, the synthesis of implicit arguments may fail, so -one may have to give explicitly certain implicit arguments of an -application. The syntax for this is {\tt (\ident:=\term)} where {\ident} -is the name of the implicit argument and {\term} is its corresponding -explicit term. Alternatively, one can locally deactivate the hiding of -implicit arguments of a function by using the notation -{\tt @{\qualid}~{\term}$_1$..{\term}$_n$}. This syntax extension is -given Figure~\ref{fig:explicitations}. -\begin{figure} -\begin{centerframe} -\begin{tabular}{lcl} -{\term} & ++= & @ {\qualid} \nelist{\term}{}\\ -& $|$ & @ {\qualid}\\ -& $|$ & {\qualid} \nelist{\textrm{\textsl{argument}}}{}\\ -\\ -{\textrm{\textsl{argument}}} & ::= & {\term} \\ -& $|$ & {\tt ({\ident}:={\term})}\\ -\end{tabular} -\end{centerframe} -\caption{Syntax for explicitly giving implicit arguments} -\label{fig:explicitations} -\end{figure} - -\noindent {\bf Example (continued): } -\begin{coq_example} -Check (p r1 (z:=c)). -Check (p (x:=a) (y:=b) r1 (z:=c) r2). -\end{coq_example} - -\subsection{Renaming implicit arguments -\comindex{Arguments} -} - -Implicit arguments names can be redefined using the following syntax: -\begin{quote} -{\tt Arguments {\qualid} \nelist{\name}{} : rename} -\end{quote} - -With the {\tt assert} flag, {\tt Arguments} can be used to assert -that a given object has the expected number of arguments and that -these arguments are named as expected. - -\noindent {\bf Example (continued): } -\begin{coq_example} -Arguments p [s t] _ [u] _: rename. -Check (p r1 (u:=c)). -Check (p (s:=a) (t:=b) r1 (u:=c) r2). -Fail Arguments p [s t] _ [w] _ : assert. -\end{coq_example} - - -\subsection{Displaying what the implicit arguments are -\comindex{Print Implicit} -\label{PrintImplicit}} - -To display the implicit arguments associated to an object, and to know -if each of them is to be used maximally or not, use the command -\begin{quote} -\tt Print Implicit {\qualid}. -\end{quote} - -\subsection{Explicit displaying of implicit arguments for pretty-printing -\optindex{Printing Implicit} -\optindex{Printing Implicit Defensive}} - -By default the basic pretty-printing rules hide the inferable implicit -arguments of an application. To force printing all implicit arguments, -use command -\begin{quote} -{\tt Set Printing Implicit.} -\end{quote} -Conversely, to restore the hiding of implicit arguments, use command -\begin{quote} -{\tt Unset Printing Implicit.} -\end{quote} - -By default the basic pretty-printing rules display the implicit arguments that are not detected as strict implicit arguments. This ``defensive'' mode can quickly make the display cumbersome so this can be deactivated by using the command -\begin{quote} -{\tt Unset Printing Implicit Defensive.} -\end{quote} -Conversely, to force the display of non strict arguments, use command -\begin{quote} -{\tt Set Printing Implicit Defensive.} -\end{quote} - -\SeeAlso {\tt Set Printing All} in Section~\ref{SetPrintingAll}. - -\subsection{Interaction with subtyping} - -When an implicit argument can be inferred from the type of more than -one of the other arguments, then only the type of the first of these -arguments is taken into account, and not an upper type of all of -them. As a consequence, the inference of the implicit argument of -``='' fails in -\begin{coq_example*} -Fail Check nat = Prop. -\end{coq_example*} - -but succeeds in -\begin{coq_example*} -Check Prop = nat. -\end{coq_example*} - -\subsection{Deactivation of implicit arguments for parsing} -\optindex{Parsing Explicit} - -Use of implicit arguments can be deactivated by issuing the command: -\begin{quote} -{\tt Set Parsing Explicit.} -\end{quote} - -In this case, all arguments of constants, inductive types, -constructors, etc, including the arguments declared as implicit, have -to be given as if none arguments were implicit. By symmetry, this also -affects printing. To restore parsing and normal printing of implicit -arguments, use: -\begin{quote} -{\tt Unset Parsing Explicit.} -\end{quote} - -\subsection{Canonical structures -\comindex{Canonical Structure}} - -A canonical structure is an instance of a record/structure type that -can be used to solve unification problems involving a projection -applied to an unknown structure instance (an implicit argument) and -a value. The complete documentation of canonical structures can be found -in Chapter~\ref{CS-full}, here only a simple example is given. - -Assume that {\qualid} denotes an object $(Build\_struc~ c_1~ \ldots~ c_n)$ in -the -structure {\em struct} of which the fields are $x_1$, ..., -$x_n$. Assume that {\qualid} is declared as a canonical structure -using the command -\begin{quote} -{\tt Canonical Structure {\qualid}.} -\end{quote} -Then, each time an equation of the form $(x_i~ -\_)=_{\beta\delta\iota\zeta}c_i$ has to be solved during the -type-checking process, {\qualid} is used as a solution. Otherwise -said, {\qualid} is canonically used to extend the field $c_i$ into a -complete structure built on $c_i$. - -Canonical structures are particularly useful when mixed with -coercions and strict implicit arguments. Here is an example. -\begin{coq_example*} -Require Import Relations. -Require Import EqNat. -Set Implicit Arguments. -Unset Strict Implicit. -Structure Setoid : Type := - {Carrier :> Set; - Equal : relation Carrier; - Prf_equiv : equivalence Carrier Equal}. -Definition is_law (A B:Setoid) (f:A -> B) := - forall x y:A, Equal x y -> Equal (f x) (f y). -Axiom eq_nat_equiv : equivalence nat eq_nat. -Definition nat_setoid : Setoid := Build_Setoid eq_nat_equiv. -Canonical Structure nat_setoid. -\end{coq_example*} - -Thanks to \texttt{nat\_setoid} declared as canonical, the implicit -arguments {\tt A} and {\tt B} can be synthesized in the next statement. -\begin{coq_example} -Lemma is_law_S : is_law S. -\end{coq_example} - -\Rem If a same field occurs in several canonical structure, then -only the structure declared first as canonical is considered. - -\begin{Variants} -\item {\tt Canonical Structure {\ident} := {\term} : {\type}.}\\ - {\tt Canonical Structure {\ident} := {\term}.}\\ - {\tt Canonical Structure {\ident} : {\type} := {\term}.} - -These are equivalent to a regular definition of {\ident} followed by -the declaration - -{\tt Canonical Structure {\ident}}. -\end{Variants} - -\SeeAlso more examples in user contribution \texttt{category} -(\texttt{Rocq/ALGEBRA}). - -\subsubsection{Print Canonical Projections. -\comindex{Print Canonical Projections}} - -This displays the list of global names that are components of some -canonical structure. For each of them, the canonical structure of -which it is a projection is indicated. For instance, the above example -gives the following output: - -\begin{coq_example} -Print Canonical Projections. -\end{coq_example} - -\subsection{Implicit types of variables} -\comindex{Implicit Types} - -It is possible to bind variable names to a given type (e.g. in a -development using arithmetic, it may be convenient to bind the names -{\tt n} or {\tt m} to the type {\tt nat} of natural numbers). The -command for that is -\begin{quote} -\tt Implicit Types \nelist{\ident}{} : {\type} -\end{quote} -The effect of the command is to automatically set the type of bound -variables starting with {\ident} (either {\ident} itself or -{\ident} followed by one or more single quotes, underscore or digits) -to be {\type} (unless the bound variable is already declared with an -explicit type in which case, this latter type is considered). - -\Example -\begin{coq_example} -Require Import List. -Implicit Types m n : nat. -Lemma cons_inj_nat : forall m n l, n :: l = m :: l -> n = m. -intros m n. -Lemma cons_inj_bool : forall (m n:bool) l, n :: l = m :: l -> n = m. -\end{coq_example} - -\begin{Variants} -\item {\tt Implicit Type {\ident} : {\type}}\\ -This is useful for declaring the implicit type of a single variable. -\item - {\tt Implicit Types\,% -(\,{\ident$_{1,1}$}\ldots{\ident$_{1,k_1}$}\,{\tt :}\,{\term$_1$} {\tt )}\,% -\ldots\,{\tt (}\,{\ident$_{n,1}$}\ldots{\ident$_{n,k_n}$}\,{\tt :}\,% -{\term$_n$} {\tt )}.}\\ - Adds $n$ blocks of implicit types with different specifications. -\end{Variants} - - -\subsection{Implicit generalization -\label{implicit-generalization} -\comindex{Generalizable Variables}} -% \textquoteleft since \` doesn't do what we want -\index{0genimpl@{\textquoteleft\{\ldots\}}} -\index{0genexpl@{\textquoteleft(\ldots)}} - -Implicit generalization is an automatic elaboration of a statement with -free variables into a closed statement where these variables are -quantified explicitly. Implicit generalization is done inside binders -starting with a \texttt{\`{}} and terms delimited by \texttt{\`{}\{ \}} and -\texttt{\`{}( )}, always introducing maximally inserted implicit arguments for -the generalized variables. Inside implicit generalization -delimiters, free variables in the current context are automatically -quantified using a product or a lambda abstraction to generate a closed -term. In the following statement for example, the variables \texttt{n} -and \texttt{m} are automatically generalized and become explicit -arguments of the lemma as we are using \texttt{\`{}( )}: - -\begin{coq_example} -Generalizable All Variables. -Lemma nat_comm : `(n = n + 0). -\end{coq_example} -\begin{coq_eval} -Abort. -\end{coq_eval} -One can control the set of generalizable identifiers with the -\texttt{Generalizable} vernacular command to avoid unexpected -generalizations when mistyping identifiers. There are three variants of -the command: - -\begin{quote} -{\tt Generalizable (All|No) Variable(s)? ({\ident$_1$ \ident$_n$})?.} -\end{quote} - -\begin{Variants} -\item {\tt Generalizable All Variables.} All variables are candidate for - generalization if they appear free in the context under a - generalization delimiter. This may result in confusing errors in - case of typos. In such cases, the context will probably contain some - unexpected generalized variable. - -\item {\tt Generalizable No Variables.} Disable implicit generalization - entirely. This is the default behavior. - -\item {\tt Generalizable Variable(s)? {\ident$_1$ \ident$_n$}.} - Allow generalization of the given identifiers only. Calling this - command multiple times adds to the allowed identifiers. - -\item {\tt Global Generalizable} Allows to export the choice of - generalizable variables. -\end{Variants} - -One can also use implicit generalization for binders, in which case the -generalized variables are added as binders and set maximally implicit. -\begin{coq_example*} -Definition id `(x : A) : A := x. -\end{coq_example*} -\begin{coq_example} -Print id. -\end{coq_example} - -The generalizing binders \texttt{\`{}\{ \}} and \texttt{\`{}( )} work similarly to -their explicit counterparts, only binding the generalized variables -implicitly, as maximally-inserted arguments. In these binders, the -binding name for the bound object is optional, whereas the type is -mandatory, dually to regular binders. - -\section{Coercions -\label{Coercions} -\index{Coercions}} - -Coercions can be used to implicitly inject terms from one {\em class} in -which they reside into another one. A {\em class} is either a sort -(denoted by the keyword {\tt Sortclass}), a product type (denoted by the -keyword {\tt Funclass}), or a type constructor (denoted by its name), -e.g. an inductive type or any constant with a type of the form -\texttt{forall} $(x_1:A_1) .. (x_n:A_n),~s$ where $s$ is a sort. - -Then the user is able to apply an -object that is not a function, but can be coerced to a function, and -more generally to consider that a term of type A is of type B provided -that there is a declared coercion between A and B. The main command is -\comindex{Coercion} -\begin{quote} -\tt Coercion {\qualid} : {\class$_1$} >-> {\class$_2$}. -\end{quote} -which declares the construction denoted by {\qualid} as a -coercion between {\class$_1$} and {\class$_2$}. - -More details and examples, and a description of the commands related -to coercions are provided in Chapter~\ref{Coercions-full}. - -\section[Printing constructions in full]{Printing constructions in full\label{SetPrintingAll} -\optindex{Printing All}} - -Coercions, implicit arguments, the type of pattern-matching, but also -notations (see Chapter~\ref{Addoc-syntax}) can obfuscate the behavior -of some tactics (typically the tactics applying to occurrences of -subterms are sensitive to the implicit arguments). The command -\begin{quote} -{\tt Set Printing All.} -\end{quote} -deactivates all high-level printing features such as coercions, -implicit arguments, returned type of pattern-matching, notations and -various syntactic sugar for pattern-matching or record projections. -Otherwise said, {\tt Set Printing All} includes the effects -of the commands {\tt Set Printing Implicit}, {\tt Set Printing -Coercions}, {\tt Set Printing Synth}, {\tt Unset Printing Projections} -and {\tt Unset Printing Notations}. To reactivate the high-level -printing features, use the command -\begin{quote} -{\tt Unset Printing All.} -\end{quote} - -\section[Printing universes]{Printing universes\label{PrintingUniverses} -\optindex{Printing Universes}} - -The following command: -\begin{quote} -{\tt Set Printing Universes} -\end{quote} -activates the display of the actual level of each occurrence of -{\Type}. See Section~\ref{Sorts} for details. This wizard option, in -combination with \texttt{Set Printing All} (see -section~\ref{SetPrintingAll}) can help to diagnose failures to unify -terms apparently identical but internally different in the Calculus of -Inductive Constructions. To reactivate the display of the actual level -of the occurrences of {\Type}, use -\begin{quote} -{\tt Unset Printing Universes.} -\end{quote} - -\comindex{Print Universes} -\comindex{Print Sorted Universes} - -The constraints on the internal level of the occurrences of {\Type} -(see Section~\ref{Sorts}) can be printed using the command -\begin{quote} -{\tt Print \zeroone{Sorted} Universes.} -\end{quote} -If the optional {\tt Sorted} option is given, each universe will be -made equivalent to a numbered label reflecting its level (with a -linear ordering) in the universe hierarchy. - -This command also accepts an optional output filename: -\begin{quote} -\tt Print \zeroone{Sorted} Universes {\str}. -\end{quote} -If {\str} ends in \texttt{.dot} or \texttt{.gv}, the constraints are -printed in the DOT language, and can be processed by Graphviz -tools. The format is unspecified if {\str} doesn't end in -\texttt{.dot} or \texttt{.gv}. - -\section[Existential variables]{Existential variables\label{ExistentialVariables}} -\label{evars} - -Coq terms can include existential variables which -represents unknown subterms to eventually be replaced by actual -subterms. - -Existential variables are generated in place of unsolvable implicit -arguments or ``{\tt \_}'' placeholders when using commands such as -\texttt{Check} (see Section~\ref{Check}) or when using tactics such as -\texttt{refine}~(see Section~\ref{refine}), as well as in place of unsolvable -instances when using tactics such that \texttt{eapply} (see -Section~\ref{eapply}). An existential variable is defined in a -context, which is the context of variables of the placeholder which -generated the existential variable, and a type, which is the expected -type of the placeholder. - -As a consequence of typing constraints, existential variables can be -duplicated in such a way that they possibly appear in different -contexts than their defining context. Thus, any occurrence of a given -existential variable comes with an instance of its original context. In the -simple case, when an existential variable denotes the placeholder -which generated it, or is used in the same context as the one in which -it was generated, the context is not displayed and the existential -variable is represented by ``?'' followed by an identifier. - -\begin{coq_example} -Parameter identity : forall (X:Set), X -> X. -Check identity _ _. -Check identity _ (fun x => _). -\end{coq_example} - -In the general case, when an existential variable ?{\ident} -appears outside of its context of definition, its instance, written under -the form \verb!@{id1:=term1; ...; idn:=termn}!, is appending to its -name, indicating how the variables of its defining context are -instantiated. The variables of the context of the existential -variables which are instantiated by themselves are not written, unless -the flag {\tt Printing Existential Instances} is on (see -Section~\ref{SetPrintingExistentialInstances}), and this is why an -existential variable used in the same context as its context of -definition is written with no instance. - -\begin{coq_example} -Check (fun x y => _) 0 1. -Set Printing Existential Instances. -Check (fun x y => _) 0 1. -\end{coq_example} - -\begin{coq_eval} -Unset Printing Existential Instances. -\end{coq_eval} - -Existential variables can be named by the user upon creation using -the syntax {\tt ?[\ident]}. This is useful when the existential -variable needs to be explicitly handled later in the script (e.g. -with a named-goal selector, see~\ref{ltac:selector}). - -\subsection{Explicit displaying of existential instances for pretty-printing -\label{SetPrintingExistentialInstances} -\optindex{Printing Existential Instances}} - -The command: -\begin{quote} -{\tt Set Printing Existential Instances} -\end{quote} -activates the full display of how the context of an existential variable is -instantiated at each of the occurrences of the existential variable. - -To deactivate the full display of the instances of existential -variables, use -\begin{quote} -{\tt Unset Printing Existential Instances.} -\end{quote} - -\subsection{Solving existential variables using tactics} -\ttindex{ltac:( \ldots )} - -\def\expr{\textrm{\textsl{tacexpr}}} - -Instead of letting the unification engine try to solve an existential variable -by itself, one can also provide an explicit hole together with a tactic to solve -it. Using the syntax {\tt ltac:(\expr)}, the user can put a -tactic anywhere a term is expected. The order of resolution is not specified and -is implementation-dependent. The inner tactic may use any variable defined in -its scope, including repeated alternations between variables introduced by term -binding as well as those introduced by tactic binding. The expression {\expr} -can be any tactic expression as described at section~\ref{TacticLanguage}. - -\begin{coq_example*} -Definition foo (x : nat) : nat := ltac:(exact x). -\end{coq_example*} - -This construction is useful when one wants to define complicated terms using -highly automated tactics without resorting to writing the proof-term by means of -the interactive proof engine. - -This mechanism is comparable to the {\tt Declare Implicit Tactic} command -defined at~\ref{DeclareImplicit}, except that the used tactic is local to each -hole instead of being declared globally. - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/RefMan-ide.tex b/doc/refman/RefMan-ide.tex deleted file mode 100644 index 2d98534307..0000000000 --- a/doc/refman/RefMan-ide.tex +++ /dev/null @@ -1,312 +0,0 @@ -\chapter[\Coq{} Integrated Development Environment]{\Coq{} Integrated Development Environment\label{Addoc-coqide} -\ttindex{coqide}} -%HEVEA\cutname{coqide.html} - -The \Coq{} Integrated Development Environment is a graphical tool, to -be used as a user-friendly replacement to \texttt{coqtop}. Its main -purpose is to allow the user to navigate forward and backward into a -\Coq{} vernacular file, executing corresponding commands or undoing -them respectively. % CREDITS ? Proof general, lablgtk, ... - -\CoqIDE{} is run by typing the command \verb|coqide| on the command -line. Without argument, the main screen is displayed with an ``unnamed -buffer'', and with a file name as argument, another buffer displaying -the contents of that file. Additionally, \verb|coqide| accepts the same -options as \verb|coqtop|, given in Chapter~\ref{Addoc-coqc}, the ones having -obviously no meaning for \CoqIDE{} being ignored. - -\begin{figure}[t] -\begin{center} -%HEVEA\imgsrc[alt="coqide main screen"]{coqide.png} -%BEGIN LATEX -\ifpdf % si on est en pdflatex -\includegraphics[width=1.0\textwidth]{coqide.png} -\else -\includegraphics[width=1.0\textwidth]{coqide.eps} -\fi -%END LATEX -\end{center} -\caption{\CoqIDE{} main screen} -\label{fig:coqide} -\end{figure} - -A sample \CoqIDE{} main screen, while navigating into a file -\verb|Fermat.v|, is shown on Figure~\ref{fig:coqide}. At -the top is a menu bar, and a tool bar below it. The large window on -the left is displaying the various \emph{script buffers}. The upper right -window is the \emph{goal window}, where goals to -prove are displayed. The lower right window is the \emph{message window}, -where various messages resulting from commands are displayed. At the -bottom is the status bar. - -\section{Managing files and buffers, basic edition} - -In the script window, you may open arbitrarily many buffers to -edit. The \emph{File} menu allows you to open files or create some, -save them, print or export them into various formats. Among all these -buffers, there is always one which is the current -\emph{running buffer}, whose name is displayed on a background in the -\emph{processed} color (green by default), which is the one where Coq commands -are currently executed. - -Buffers may be edited as in any text editor, and classical basic -editing commands (Copy/Paste, \ldots) are available in the \emph{Edit} -menu. \CoqIDE{} offers only basic editing commands, so if you need -more complex editing commands, you may launch your favorite text -editor on the current buffer, using the \emph{Edit/External Editor} -menu. - -\section{Interactive navigation into \Coq{} scripts} - -The running buffer is the one where navigation takes place. The -toolbar offers five basic navigation commands. The first one, -represented by a down arrow icon, is for going forward executing one -command. If that command is successful, the part of the script that -has been executed is displayed on a background with the -processed color. If that command fails, the error message is -displayed in the message window, and the location of the error is -emphasized by an underline in the error foreground color (red by default). - -On Figure~\ref{fig:coqide}, the running buffer is \verb|Fermat.v|, all -commands until the \verb|Theorem| have been already executed, and the -user tried to go forward executing \verb|Induction n|. That command -failed because no such tactic exist (tactics are now in -lowercase\ldots), and the wrong word is underlined. - -Notice that the processed part of the running buffer is not editable. If -you ever want to modify something you have to go backward using the up -arrow tool, or even better, put the cursor where you want to go back -and use the \textsf{goto} button. Unlike with \verb|coqtop|, you -should never use \verb|Undo| to go backward. - -There are two additional buttons for navigation within the running buffer. -The ``down'' button with a line goes directly to the end; the ``up'' button -with a line goes back to the beginning. The handling of errors when using the -go-to-the-end button depends on whether \Coq{} is running in asynchronous mode or not -(see Chapter~\ref{Asyncprocessing}). If it is not running in that mode, execution stops -as soon as an error is found. Otherwise, execution continues, and the -error is marked with an underline in the error foreground color, with a background in -the error background color (pink by default). The same characterization of -error-handling applies when running several commands using the \textsf{goto} button. - -If you ever try to execute a command which happens to run during a -long time, and would like to abort it before its -termination, you may use the interrupt button (the white cross on a red circle). - -There are other buttons on the \CoqIDE{} toolbar: a button to save the running -buffer; a button to close the current buffer (an ``X''); buttons to switch among -buffers (left and right arrows); an ``information'' button; and a ``gears'' button. - -The ``information'' button is described in Section~\ref{sec:trytactics}. - -The ``gears'' button submits proof terms to the \Coq{} kernel for type-checking. -When \Coq{} uses asynchronous processing (see Chapter~\ref{Asyncprocessing}), proofs may -have been completed without kernel-checking of generated proof terms. The presence of -unchecked proof terms is indicated by \texttt{Qed} statements -that have a subdued \emph{being-processed} color (light blue by default), -rather than the processed color, though their preceding proofs have the processed color. - -Notice that for all these buttons, except for the ``gears'' button, their operations -are also available in the menu, where their keyboard shortcuts are given. - -\section[Try tactics automatically]{Try tactics automatically\label{sec:trytactics}} - -The menu \texttt{Try Tactics} provides some features for automatically -trying to solve the current goal using simple tactics. If such a -tactic succeeds in solving the goal, then its text is automatically -inserted into the script. There is finally a combination of these -tactics, called the \emph{proof wizard} which will try each of them in -turn. This wizard is also available as a tool button (the ``information'' -button). The set of tactics tried by the wizard is customizable in -the preferences. - -These tactics are general ones, in particular they do not refer to -particular hypotheses. You may also try specific tactics related to -the goal or one of the hypotheses, by clicking with the right mouse -button on the goal or the considered hypothesis. This is the -``contextual menu on goals'' feature, that may be disabled in the -preferences if undesirable. - -\section{Proof folding} - -As your script grows bigger and bigger, it might be useful to hide the proofs -of your theorems and lemmas. - -This feature is toggled via the \texttt{Hide} entry of the \texttt{Navigation} -menu. The proof shall be enclosed between \texttt{Proof.} and \texttt{Qed.}, -both with their final dots. The proof that shall be hidden or revealed is the -first one whose beginning statement (such as \texttt{Theorem}) precedes the -insertion cursor. - -\section{Vernacular commands, templates} - -The \texttt{Templates} menu allows using shortcuts to insert -vernacular commands. This is a nice way to proceed if you are not sure -of the spelling of the command you want. - -Moreover, this menu offers some \emph{templates} which will automatic -insert a complex command like Fixpoint with a convenient shape for its -arguments. - -\section{Queries} - -\begin{figure}[t] -\begin{center} -%HEVEA\imgsrc[alt="coqide query"]{coqide-queries.png} -%BEGIN LATEX -\ifpdf % si on est en pdflatex -\includegraphics[width=1.0\textwidth]{coqide-queries.png} -\else -\includegraphics[width=1.0\textwidth]{coqide-queries.eps} -\fi -%END LATEX -\end{center} -\caption{\CoqIDE{}: a Print query on a selected phrase} -\label{fig:queryselected} -\end{figure} - -We call \emph{query} any vernacular command that does not change the -current state, such as \verb|Check|, \verb|Search|, etc. -To run such commands interactively, without writing them in scripts, -\CoqIDE{} offers a \emph{query pane}. -The query pane can be displayed on demand by using the \texttt{View} menu, -or using the shortcut \verb|F1|. Queries can also be performed by -selecting a particular phrase, then choosing an item from the -\texttt{Queries} menu. The response then appears in the message window. -Figure~\ref{fig:queryselected} shows the result after selecting -of the phrase \verb|Nat.mul| in the script window, and choosing \verb|Print| -from the \texttt{Queries} menu. - -\section{Compilation} - -The \verb|Compile| menu offers direct commands to: -\begin{itemize} -\item compile the current buffer -\item run a compilation using \verb|make| -\item go to the last compilation error -\item create a \verb|makefile| using \verb|coq_makefile|. -\end{itemize} - -\section{Customizations} - -You may customize your environment using menu -\texttt{Edit/Preferences}. A new window will be displayed, with -several customization sections presented as a notebook. - -The first section is for selecting the text font used for scripts, goal -and message windows. - -The second section is devoted to file management: you may -configure automatic saving of files, by periodically saving the -contents into files named \verb|#f#| for each opened file -\verb|f|. You may also activate the \emph{revert} feature: in case a -opened file is modified on the disk by a third party, \CoqIDE{} may read -it again for you. Note that in the case you edited that same file, you -will be prompt to choose to either discard your changes or not. The -\texttt{File charset encoding} choice is described below in -Section~\ref{sec:coqidecharencoding} - - -The \verb|Externals| section allows customizing the external commands -for compilation, printing, web browsing. In the browser command, you -may use \verb|%s| to denote the URL to open, for example: % -\verb|mozilla -remote "OpenURL(%s)"|. - -The \verb|Tactics Wizard| section allows defining the set of tactics -that should be tried, in sequence, to solve the current goal. - -The last section is for miscellaneous boolean settings, such as the -``contextual menu on goals'' feature presented in -Section~\ref{sec:trytactics}. - -Notice that these settings are saved in the file \verb|.coqiderc| of -your home directory. - -A gtk2 accelerator keymap is saved under the name \verb|.coqide.keys|. -It is not recommanded to edit this file manually: to modify a given menu -shortcut, go to the corresponding menu item without releasing the -mouse button, press the key you want for the new shortcut, and release -the mouse button afterwards. If your system does not allow it, you may still -edit this configuration file by hand, but this is more involved. - -\section{Using Unicode symbols} - -\CoqIDE{} is based on GTK+ and inherits from it support for Unicode in -its text windows. Consequently a large set of symbols is available for -notations. - -\subsection{Displaying Unicode symbols} - -You just need to define suitable notations as described in -Chapter~\ref{Addoc-syntax}. For example, to use the mathematical symbols -$\forall$ and $\exists$, you may define -\begin{quote}\tt -Notation "$\forall$ x : t, P" := \\ -\qquad (forall x:t, P) (at level 200, x ident).\\ -Notation "$\exists$ x : t, P" := \\ -\qquad (exists x:t, P) (at level 200, x ident). -\end{quote} -There exists a small set of such notations already defined, in the -file \verb|utf8.v| of \Coq{} library, so you may enable them just by -\verb|Require utf8| inside \CoqIDE{}, or equivalently, by starting -\CoqIDE{} with \verb|coqide -l utf8|. - -However, there are some issues when using such Unicode symbols: you of -course need to use a character font which supports them. In the Fonts -section of the preferences, the Preview line displays some Unicode symbols, so -you could figure out if the selected font is OK. Related to this, one -thing you may need to do is choose whether GTK+ should use antialiased -fonts or not, by setting the environment variable \verb|GDK_USE_XFT| -to 1 or 0 respectively. - -\subsection{Defining an input method for non ASCII symbols} - -To input a Unicode symbol, a general method provided by GTK+ -is to simultaneously press the -Control, Shift and ``u'' keys, release, then type the hexadecimal code of the -symbol required, for example \verb|2200| for the $\forall$ symbol. -A list of symbol codes is available at \url{http://www.unicode.org}. - -An alternative method which does not require to know the hexadecimal -code of the character is to use an Input Method Editor. On POSIX -systems (Linux distributions, BSD variants and MacOS X), you can use -\texttt{uim} version 1.6 or later which provides a \LaTeX{}-style -input method. - -To configure \texttt{uim}, execute \texttt{uim-pref-gtk} as your regular user. -In the "Global Settings" group set the default Input Method to "ELatin" (don't -forget to tick the checkbox "Specify default IM"). In the "ELatin" group set the -layout to "TeX", and remember the content of the "[ELatin] on" field (by default -Control-\textbackslash). You can now execute CoqIDE with the following commands (assuming -you use a Bourne-style shell): - -\begin{verbatim} -$ export GTK_IM_MODULE=uim -$ coqide -\end{verbatim} - -Activate the ELatin Input Method with Control-\textbackslash, then type the -sequence "\verb=\Gamma=". You will see the sequence being -replaced by $\Gamma$ as soon as you type the second "a". - -\subsection[Character encoding for saved files]{Character encoding for saved files\label{sec:coqidecharencoding}} - -In the \texttt{Files} section of the preferences, the encoding option -is related to the way files are saved. - -If you have no need to exchange files with non UTF-8 aware -applications, it is better to choose the UTF-8 encoding, since it -guarantees that your files will be read again without problems. (This -is because when \CoqIDE{} reads a file, it tries to automatically -detect its character encoding.) - -If you choose something else than UTF-8, then missing characters will -be written encoded by \verb|\x{....}| or \verb|\x{........}| where -each dot is an hexadecimal digit: the number between braces is the -hexadecimal Unicode index for the missing character. - - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/RefMan-int.tex b/doc/refman/RefMan-int.tex deleted file mode 100644 index f802a35950..0000000000 --- a/doc/refman/RefMan-int.tex +++ /dev/null @@ -1,143 +0,0 @@ -%BEGIN LATEX -\setheaders{Introduction} -%END LATEX -\chapter*{Introduction} -%HEVEA\cutname{introduction.html} - -This document is the Reference Manual of version \coqversion{} of the \Coq\ -proof assistant. A companion volume, the \Coq\ Tutorial, is provided -for the beginners. It is advised to read the Tutorial first. -A book~\cite{CoqArt} on practical uses of the \Coq{} system was published in 2004 and is a good support for both the beginner and -the advanced user. - -%The system \Coq\ is designed to develop mathematical proofs. It can be -%used by mathematicians to develop mathematical theories and by -%computer scientists to write formal specifications, -The \Coq{} system is designed to develop mathematical proofs, and -especially to write formal specifications, programs and to verify that -programs are correct with respect to their specification. It provides -a specification language named \gallina. Terms of \gallina\ can -represent programs as well as properties of these programs and proofs -of these properties. Using the so-called \textit{Curry-Howard - isomorphism}, programs, properties and proofs are formalized in the -same language called \textit{Calculus of Inductive Constructions}, -that is a $\lambda$-calculus with a rich type system. All logical -judgments in \Coq\ are typing judgments. The very heart of the Coq -system is the type-checking algorithm that checks the correctness of -proofs, in other words that checks that a program complies to its -specification. \Coq\ also provides an interactive proof assistant to -build proofs using specific programs called \textit{tactics}. - -All services of the \Coq\ proof assistant are accessible by -interpretation of a command language called \textit{the vernacular}. - -\Coq\ has an interactive mode in which commands are interpreted as the -user types them in from the keyboard and a compiled mode where -commands are processed from a file. - -\begin{itemize} -\item The interactive mode may be used as a debugging mode in which - the user can develop his theories and proofs step by step, - backtracking if needed and so on. The interactive mode is run with - the {\tt coqtop} command from the operating system (which we shall - assume to be some variety of UNIX in the rest of this document). -\item The compiled mode acts as a proof checker taking a file - containing a whole development in order to ensure its correctness. - Moreover, \Coq's compiler provides an output file containing a - compact representation of its input. The compiled mode is run with - the {\tt coqc} command from the operating system. - -\end{itemize} -These two modes are documented in Chapter~\ref{Addoc-coqc}. - -Other modes of interaction with \Coq{} are possible: through an emacs -shell window, an emacs generic user-interface for proof assistant -({\ProofGeneral}~\cite{ProofGeneral}) or through a customized interface -(PCoq~\cite{Pcoq}). These facilities are not documented here. There -is also a \Coq{} Integrated Development Environment described in -Chapter~\ref{Addoc-coqide}. - -\section*{How to read this book} - -This is a Reference Manual, not a User Manual, so it is not made for a -continuous reading. However, it has some structure that is explained -below. - -\begin{itemize} -\item The first part describes the specification language, - Gallina. Chapters~\ref{Gallina} and~\ref{Gallina-extension} - describe the concrete syntax as well as the meaning of programs, - theorems and proofs in the Calculus of Inductive - Constructions. Chapter~\ref{Theories} describes the standard library - of \Coq. Chapter~\ref{Cic} is a mathematical description of the - formalism. Chapter~\ref{chapter:Modules} describes the module system. - -\item The second part describes the proof engine. It is divided in - five chapters. Chapter~\ref{Vernacular-commands} presents all - commands (we call them \emph{vernacular commands}) that are not - directly related to interactive proving: requests to the - environment, complete or partial evaluation, loading and compiling - files. How to start and stop proofs, do multiple proofs in parallel - is explained in Chapter~\ref{Proof-handling}. In - Chapter~\ref{Tactics}, all commands that realize one or more steps - of the proof are presented: we call them \emph{tactics}. The - language to combine these tactics into complex proof strategies is - given in Chapter~\ref{TacticLanguage}. Examples of tactics are - described in Chapter~\ref{Tactics-examples}. - -%\item The third part describes how to extend the system in two ways: -% adding parsing and pretty-printing rules -% (Chapter~\ref{Addoc-syntax}) and writing new tactics -% (Chapter~\ref{TacticLanguage}). - -\item The third part describes how to extend the syntax of \Coq. It -corresponds to the Chapter~\ref{Addoc-syntax}. - -\item In the fourth part more practical tools are documented. First in - Chapter~\ref{Addoc-coqc}, the usage of \texttt{coqc} (batch mode) - and \texttt{coqtop} (interactive mode) with their options is - described. Then, in Chapter~\ref{Utilities}, - various utilities that come with the \Coq\ distribution are - presented. - Finally, Chapter~\ref{Addoc-coqide} describes the \Coq{} integrated - development environment. - -\item The fifth part documents a number of advanced features, including - coercions, canonical structures, typeclasses, program extraction, and - specialized solvers and tactics. See the table of contents for a complete - list. -\end{itemize} - -At the end of the document, after the global index, the user can find -specific indexes for tactics, vernacular commands, and error -messages. - -\section*{List of additional documentation} - -This manual does not contain all the documentation the user may need -about \Coq{}. Various informations can be found in the following -documents: -\begin{description} - -\item[Tutorial] - A companion volume to this reference manual, the \Coq{} Tutorial, is - aimed at gently introducing new users to developing proofs in \Coq{} - without assuming prior knowledge of type theory. In a second step, the - user can read also the tutorial on recursive types (document {\tt - RecTutorial.ps}). - -\item[Installation] A text file INSTALL that comes with the sources - explains how to install \Coq{}. - -\item[The \Coq{} standard library] -A commented version of sources of the \Coq{} standard library -(including only the specifications, the proofs are removed) -is given in the additional document {\tt Library.ps}. - -\end{description} - - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/RefMan-lib.tex b/doc/refman/RefMan-lib.tex deleted file mode 100644 index c8e8443026..0000000000 --- a/doc/refman/RefMan-lib.tex +++ /dev/null @@ -1,1111 +0,0 @@ -\chapter[The {\Coq} library]{The {\Coq} library\index{Theories}\label{Theories}} -%HEVEA\cutname{stdlib.html} - -The \Coq\ library is structured into two parts: - -\begin{description} -\item[The initial library:] it contains - elementary logical notions and data-types. It constitutes the - basic state of the system directly available when running - \Coq; - -\item[The standard library:] general-purpose libraries containing - various developments of \Coq\ axiomatizations about sets, lists, - sorting, arithmetic, etc. This library comes with the system and its - modules are directly accessible through the \verb!Require! command - (see Section~\ref{Require}); -\end{description} - -In addition, user-provided libraries or developments are provided by -\Coq\ users' community. These libraries and developments are available -for download at \url{http://coq.inria.fr} (see -Section~\ref{Contributions}). - -The chapter briefly reviews the \Coq\ libraries whose contents can -also be browsed at \url{http://coq.inria.fr/stdlib}. - -\section[The basic library]{The basic library\label{Prelude}} - -This section lists the basic notions and results which are directly -available in the standard \Coq\ system\footnote{Most -of these constructions are defined in the -{\tt Prelude} module in directory {\tt theories/Init} at the {\Coq} -root directory; this includes the modules -{\tt Notations}, -{\tt Logic}, -{\tt Datatypes}, -{\tt Specif}, -{\tt Peano}, -{\tt Wf} and -{\tt Tactics}. -Module {\tt Logic\_Type} also makes it in the initial state}. - -\subsection[Notations]{Notations\label{Notations}} - -This module defines the parsing and pretty-printing of many symbols -(infixes, prefixes, etc.). However, it does not assign a meaning to -these notations. The purpose of this is to define and fix once for all -the precedence and associativity of very common notations. The main -notations fixed in the initial state are listed on -Figure~\ref{init-notations}. - -\begin{figure} -\begin{center} -\begin{tabular}{|cll|} -\hline -Notation & Precedence & Associativity \\ -\hline -\verb!_ <-> _! & 95 & no \\ -\verb!_ \/ _! & 85 & right \\ -\verb!_ /\ _! & 80 & right \\ -\verb!~ _! & 75 & right \\ -\verb!_ = _! & 70 & no \\ -\verb!_ = _ = _! & 70 & no \\ -\verb!_ = _ :> _! & 70 & no \\ -\verb!_ <> _! & 70 & no \\ -\verb!_ <> _ :> _! & 70 & no \\ -\verb!_ < _! & 70 & no \\ -\verb!_ > _! & 70 & no \\ -\verb!_ <= _! & 70 & no \\ -\verb!_ >= _! & 70 & no \\ -\verb!_ < _ < _! & 70 & no \\ -\verb!_ < _ <= _! & 70 & no \\ -\verb!_ <= _ < _! & 70 & no \\ -\verb!_ <= _ <= _! & 70 & no \\ -\verb!_ + _! & 50 & left \\ -\verb!_ || _! & 50 & left \\ -\verb!_ - _! & 50 & left \\ -\verb!_ * _! & 40 & left \\ -\verb!_ && _! & 40 & left \\ -\verb!_ / _! & 40 & left \\ -\verb!- _! & 35 & right \\ -\verb!/ _! & 35 & right \\ -\verb!_ ^ _! & 30 & right \\ -\hline -\end{tabular} -\end{center} -\caption{Notations in the initial state} -\label{init-notations} -\end{figure} - -\subsection[Logic]{Logic\label{Logic}} - -\begin{figure} -\begin{centerframe} -\begin{tabular}{lclr} -{\form} & ::= & {\tt True} & ({\tt True})\\ - & $|$ & {\tt False} & ({\tt False})\\ - & $|$ & {\tt\char'176} {\form} & ({\tt not})\\ - & $|$ & {\form} {\tt /$\backslash$} {\form} & ({\tt and})\\ - & $|$ & {\form} {\tt $\backslash$/} {\form} & ({\tt or})\\ - & $|$ & {\form} {\tt ->} {\form} & (\em{primitive implication})\\ - & $|$ & {\form} {\tt <->} {\form} & ({\tt iff})\\ - & $|$ & {\tt forall} {\ident} {\tt :} {\type} {\tt ,} - {\form} & (\em{primitive for all})\\ - & $|$ & {\tt exists} {\ident} \zeroone{{\tt :} {\specif}} {\tt - ,} {\form} & ({\tt ex})\\ - & $|$ & {\tt exists2} {\ident} \zeroone{{\tt :} {\specif}} {\tt - ,} {\form} {\tt \&} {\form} & ({\tt ex2})\\ - & $|$ & {\term} {\tt =} {\term} & ({\tt eq})\\ - & $|$ & {\term} {\tt =} {\term} {\tt :>} {\specif} & ({\tt eq}) -\end{tabular} -\end{centerframe} -\caption{Syntax of formulas} -\label{formulas-syntax} -\end{figure} - -The basic library of {\Coq} comes with the definitions of standard -(intuitionistic) logical connectives (they are defined as inductive -constructions). They are equipped with an appealing syntax enriching the -(subclass {\form}) of the syntactic class {\term}. The syntax -extension is shown on Figure~\ref{formulas-syntax}. - -% The basic library of {\Coq} comes with the definitions of standard -% (intuitionistic) logical connectives (they are defined as inductive -% constructions). They are equipped with an appealing syntax enriching -% the (subclass {\form}) of the syntactic class {\term}. The syntax -% extension \footnote{This syntax is defined in module {\tt -% LogicSyntax}} is shown on Figure~\ref{formulas-syntax}. - -\Rem Implication is not defined but primitive (it is a non-dependent -product of a proposition over another proposition). There is also a -primitive universal quantification (it is a dependent product over a -proposition). The primitive universal quantification allows both -first-order and higher-order quantification. - -\subsubsection[Propositional Connectives]{Propositional Connectives\label{Connectives} -\index{Connectives}} - -First, we find propositional calculus connectives: -\ttindex{True} -\ttindex{I} -\ttindex{False} -\ttindex{not} -\ttindex{and} -\ttindex{conj} -\ttindex{proj1} -\ttindex{proj2} - -\begin{coq_eval} -Set Printing Depth 50. -\end{coq_eval} -\begin{coq_example*} -Inductive True : Prop := I. -Inductive False : Prop := . -Definition not (A: Prop) := A -> False. -Inductive and (A B:Prop) : Prop := conj (_:A) (_:B). -Section Projections. -Variables A B : Prop. -Theorem proj1 : A /\ B -> A. -Theorem proj2 : A /\ B -> B. -\end{coq_example*} -\begin{coq_eval} -Abort All. -\end{coq_eval} -\begin{coq_example*} -End Projections. -\end{coq_example*} -\ttindex{or} -\ttindex{or\_introl} -\ttindex{or\_intror} -\ttindex{iff} -\ttindex{IF\_then\_else} -\begin{coq_example*} -Inductive or (A B:Prop) : Prop := - | or_introl (_:A) - | or_intror (_:B). -Definition iff (P Q:Prop) := (P -> Q) /\ (Q -> P). -Definition IF_then_else (P Q R:Prop) := P /\ Q \/ ~ P /\ R. -\end{coq_example*} - -\subsubsection[Quantifiers]{Quantifiers\label{Quantifiers} -\index{Quantifiers}} - -Then we find first-order quantifiers: -\ttindex{all} -\ttindex{ex} -\ttindex{exists} -\ttindex{ex\_intro} -\ttindex{ex2} -\ttindex{exists2} -\ttindex{ex\_intro2} - -\begin{coq_example*} -Definition all (A:Set) (P:A -> Prop) := forall x:A, P x. -Inductive ex (A: Set) (P:A -> Prop) : Prop := - ex_intro (x:A) (_:P x). -Inductive ex2 (A:Set) (P Q:A -> Prop) : Prop := - ex_intro2 (x:A) (_:P x) (_:Q x). -\end{coq_example*} - -The following abbreviations are allowed: -\begin{center} - \begin{tabular}[h]{|l|l|} - \hline - \verb+exists x:A, P+ & \verb+ex A (fun x:A => P)+ \\ - \verb+exists x, P+ & \verb+ex _ (fun x => P)+ \\ - \verb+exists2 x:A, P & Q+ & \verb+ex2 A (fun x:A => P) (fun x:A => Q)+ \\ - \verb+exists2 x, P & Q+ & \verb+ex2 _ (fun x => P) (fun x => Q)+ \\ - \hline - \end{tabular} -\end{center} - -The type annotation ``\texttt{:A}'' can be omitted when \texttt{A} can be -synthesized by the system. - -\subsubsection[Equality]{Equality\label{Equality} -\index{Equality}} - -Then, we find equality, defined as an inductive relation. That is, -given a type \verb:A: and an \verb:x: of type \verb:A:, the -predicate \verb:(eq A x): is the smallest one which contains \verb:x:. -This definition, due to Christine Paulin-Mohring, is equivalent to -define \verb:eq: as the smallest reflexive relation, and it is also -equivalent to Leibniz' equality. - -\ttindex{eq} -\ttindex{eq\_refl} - -\begin{coq_example*} -Inductive eq (A:Type) (x:A) : A -> Prop := - eq_refl : eq A x x. -\end{coq_example*} - -\subsubsection[Lemmas]{Lemmas\label{PreludeLemmas}} - -Finally, a few easy lemmas are provided. - -\ttindex{absurd} - -\begin{coq_example*} -Theorem absurd : forall A C:Prop, A -> ~ A -> C. -\end{coq_example*} -\begin{coq_eval} -Abort. -\end{coq_eval} -\ttindex{eq\_sym} -\ttindex{eq\_trans} -\ttindex{f\_equal} -\ttindex{sym\_not\_eq} -\begin{coq_example*} -Section equality. -Variables A B : Type. -Variable f : A -> B. -Variables x y z : A. -Theorem eq_sym : x = y -> y = x. -Theorem eq_trans : x = y -> y = z -> x = z. -Theorem f_equal : x = y -> f x = f y. -Theorem not_eq_sym : x <> y -> y <> x. -\end{coq_example*} -\begin{coq_eval} -Abort. -Abort. -Abort. -Abort. -\end{coq_eval} -\ttindex{eq\_ind\_r} -\ttindex{eq\_rec\_r} -\ttindex{eq\_rect} -\ttindex{eq\_rect\_r} -%Definition eq_rect: (A:Set)(x:A)(P:A->Type)(P x)->(y:A)(x=y)->(P y). -\begin{coq_example*} -End equality. -Definition eq_ind_r : - forall (A:Type) (x:A) (P:A->Prop), P x -> forall y:A, y = x -> P y. -Definition eq_rec_r : - forall (A:Type) (x:A) (P:A->Set), P x -> forall y:A, y = x -> P y. -Definition eq_rect_r : - forall (A:Type) (x:A) (P:A->Type), P x -> forall y:A, y = x -> P y. -\end{coq_example*} -\begin{coq_eval} -Abort. -Abort. -Abort. -\end{coq_eval} -%Abort (for now predefined eq_rect) -\begin{coq_example*} -Hint Immediate eq_sym not_eq_sym : core. -\end{coq_example*} -\ttindex{f\_equal$i$} - -The theorem {\tt f\_equal} is extended to functions with two to five -arguments. The theorem are names {\tt f\_equal2}, {\tt f\_equal3}, -{\tt f\_equal4} and {\tt f\_equal5}. -For instance {\tt f\_equal3} is defined the following way. -\begin{coq_example*} -Theorem f_equal3 : - forall (A1 A2 A3 B:Type) (f:A1 -> A2 -> A3 -> B) - (x1 y1:A1) (x2 y2:A2) (x3 y3:A3), - x1 = y1 -> x2 = y2 -> x3 = y3 -> f x1 x2 x3 = f y1 y2 y3. -\end{coq_example*} -\begin{coq_eval} -Abort. -\end{coq_eval} - -\subsection[Datatypes]{Datatypes\label{Datatypes} -\index{Datatypes}} - -\begin{figure} -\begin{centerframe} -\begin{tabular}{rclr} -{\specif} & ::= & {\specif} {\tt *} {\specif} & ({\tt prod})\\ - & $|$ & {\specif} {\tt +} {\specif} & ({\tt sum})\\ - & $|$ & {\specif} {\tt + \{} {\specif} {\tt \}} & ({\tt sumor})\\ - & $|$ & {\tt \{} {\specif} {\tt \} + \{} {\specif} {\tt \}} & - ({\tt sumbool})\\ - & $|$ & {\tt \{} {\ident} {\tt :} {\specif} {\tt |} {\form} {\tt \}} - & ({\tt sig})\\ - & $|$ & {\tt \{} {\ident} {\tt :} {\specif} {\tt |} {\form} {\tt \&} - {\form} {\tt \}} & ({\tt sig2})\\ - & $|$ & {\tt \{} {\ident} {\tt :} {\specif} {\tt \&} {\specif} {\tt - \}} & ({\tt sigT})\\ - & $|$ & {\tt \{} {\ident} {\tt :} {\specif} {\tt \&} {\specif} {\tt - \&} {\specif} {\tt \}} & ({\tt sigT2})\\ - & & & \\ -{\term} & ::= & {\tt (} {\term} {\tt ,} {\term} {\tt )} & ({\tt pair}) -\end{tabular} -\end{centerframe} -\caption{Syntax of data-types and specifications} -\label{specif-syntax} -\end{figure} - - -In the basic library, we find the definition\footnote{They are in {\tt - Datatypes.v}} of the basic data-types of programming, again -defined as inductive constructions over the sort \verb:Set:. Some of -them come with a special syntax shown on Figure~\ref{specif-syntax}. - -\subsubsection[Programming]{Programming\label{Programming} -\index{Programming} -\label{libnats} -\ttindex{unit} -\ttindex{tt} -\ttindex{bool} -\ttindex{true} -\ttindex{false} -\ttindex{nat} -\ttindex{O} -\ttindex{S} -\ttindex{option} -\ttindex{Some} -\ttindex{None} -\ttindex{identity} -\ttindex{refl\_identity}} - -\begin{coq_example*} -Inductive unit : Set := tt. -Inductive bool : Set := true | false. -Inductive nat : Set := O | S (n:nat). -Inductive option (A:Set) : Set := Some (_:A) | None. -Inductive identity (A:Type) (a:A) : A -> Type := - refl_identity : identity A a a. -\end{coq_example*} - -Note that zero is the letter \verb:O:, and {\sl not} the numeral -\verb:0:. - -The predicate {\tt identity} is logically -equivalent to equality but it lives in sort {\tt - Type}. It is mainly maintained for compatibility. - -We then define the disjoint sum of \verb:A+B: of two sets \verb:A: and -\verb:B:, and their product \verb:A*B:. -\ttindex{sum} -\ttindex{A+B} -\ttindex{+} -\ttindex{inl} -\ttindex{inr} -\ttindex{prod} -\ttindex{A*B} -\ttindex{*} -\ttindex{pair} -\ttindex{fst} -\ttindex{snd} - -\begin{coq_example*} -Inductive sum (A B:Set) : Set := inl (_:A) | inr (_:B). -Inductive prod (A B:Set) : Set := pair (_:A) (_:B). -Section projections. -Variables A B : Set. -Definition fst (H: prod A B) := match H with - | pair _ _ x y => x - end. -Definition snd (H: prod A B) := match H with - | pair _ _ x y => y - end. -End projections. -\end{coq_example*} - -Some operations on {\tt bool} are also provided: {\tt andb} (with -infix notation {\tt \&\&}), {\tt orb} (with -infix notation {\tt ||}), {\tt xorb}, {\tt implb} and {\tt negb}. - -\subsection{Specification} - -The following notions\footnote{They are defined in module {\tt -Specif.v}} allow to build new data-types and specifications. -They are available with the syntax shown on -Figure~\ref{specif-syntax}. - -For instance, given \verb|A:Type| and \verb|P:A->Prop|, the construct -\verb+{x:A | P x}+ (in abstract syntax \verb+(sig A P)+) is a -\verb:Type:. We may build elements of this set as \verb:(exist x p): -whenever we have a witness \verb|x:A| with its justification -\verb|p:P x|. - -From such a \verb:(exist x p): we may in turn extract its witness -\verb|x:A| (using an elimination construct such as \verb:match:) but -{\sl not} its justification, which stays hidden, like in an abstract -data-type. In technical terms, one says that \verb:sig: is a ``weak -(dependent) sum''. A variant \verb:sig2: with two predicates is also -provided. - -\ttindex{\{x:A $\mid$ (P x)\}} -\ttindex{sig} -\ttindex{exist} -\ttindex{sig2} -\ttindex{exist2} - -\begin{coq_example*} -Inductive sig (A:Set) (P:A -> Prop) : Set := exist (x:A) (_:P x). -Inductive sig2 (A:Set) (P Q:A -> Prop) : Set := - exist2 (x:A) (_:P x) (_:Q x). -\end{coq_example*} - -A ``strong (dependent) sum'' \verb+{x:A & P x}+ may be also defined, -when the predicate \verb:P: is now defined as a -constructor of types in \verb:Type:. - -\ttindex{\{x:A \& (P x)\}} -\ttindex{\&} -\ttindex{sigT} -\ttindex{existT} -\ttindex{projT1} -\ttindex{projT2} -\ttindex{sigT2} -\ttindex{existT2} - -\begin{coq_example*} -Inductive sigT (A:Type) (P:A -> Type) : Type := existT (x:A) (_:P x). -Section Projections2. -Variable A : Type. -Variable P : A -> Type. -Definition projT1 (H:sigT A P) := let (x, h) := H in x. -Definition projT2 (H:sigT A P) := - match H return P (projT1 H) with - existT _ _ x h => h - end. -End Projections2. -Inductive sigT2 (A: Type) (P Q:A -> Type) : Type := - existT2 (x:A) (_:P x) (_:Q x). -\end{coq_example*} - -A related non-dependent construct is the constructive sum -\verb"{A}+{B}" of two propositions \verb:A: and \verb:B:. -\label{sumbool} -\ttindex{sumbool} -\ttindex{left} -\ttindex{right} -\ttindex{\{A\}+\{B\}} - -\begin{coq_example*} -Inductive sumbool (A B:Prop) : Set := left (_:A) | right (_:B). -\end{coq_example*} - -This \verb"sumbool" construct may be used as a kind of indexed boolean -data-type. An intermediate between \verb"sumbool" and \verb"sum" is -the mixed \verb"sumor" which combines \verb"A:Set" and \verb"B:Prop" -in the \verb"Set" \verb"A+{B}". -\ttindex{sumor} -\ttindex{inleft} -\ttindex{inright} -\ttindex{A+\{B\}} - -\begin{coq_example*} -Inductive sumor (A:Set) (B:Prop) : Set := -| inleft (_:A) -| inright (_:B). -\end{coq_example*} - -We may define variants of the axiom of choice, like in Martin-Löf's -Intuitionistic Type Theory. -\ttindex{Choice} -\ttindex{Choice2} -\ttindex{bool\_choice} - -\begin{coq_example*} -Lemma Choice : - forall (S S':Set) (R:S -> S' -> Prop), - (forall x:S, {y : S' | R x y}) -> - {f : S -> S' | forall z:S, R z (f z)}. -Lemma Choice2 : - forall (S S':Set) (R:S -> S' -> Set), - (forall x:S, {y : S' & R x y}) -> - {f : S -> S' & forall z:S, R z (f z)}. -Lemma bool_choice : - forall (S:Set) (R1 R2:S -> Prop), - (forall x:S, {R1 x} + {R2 x}) -> - {f : S -> bool | - forall x:S, f x = true /\ R1 x \/ f x = false /\ R2 x}. -\end{coq_example*} -\begin{coq_eval} -Abort. -Abort. -Abort. -\end{coq_eval} - -The next construct builds a sum between a data-type \verb|A:Type| and -an exceptional value encoding errors: - -\ttindex{Exc} -\ttindex{value} -\ttindex{error} - -\begin{coq_example*} -Definition Exc := option. -Definition value := Some. -Definition error := None. -\end{coq_example*} - - -This module ends with theorems, -relating the sorts \verb:Set: or \verb:Type: and -\verb:Prop: in a way which is consistent with the realizability -interpretation. -\ttindex{False\_rect} -\ttindex{False\_rec} -\ttindex{eq\_rect} -\ttindex{absurd\_set} -\ttindex{and\_rect} - -\begin{coq_example*} -Definition except := False_rec. -Theorem absurd_set : forall (A:Prop) (C:Set), A -> ~ A -> C. -Theorem and_rect2 : - forall (A B:Prop) (P:Type), (A -> B -> P) -> A /\ B -> P. -\end{coq_example*} -%\begin{coq_eval} -%Abort. -%Abort. -%\end{coq_eval} - -\subsection{Basic Arithmetics} - -The basic library includes a few elementary properties of natural -numbers, together with the definitions of predecessor, addition and -multiplication\footnote{This is in module {\tt Peano.v}}. It also -provides a scope {\tt nat\_scope} gathering standard notations for -common operations (+, *) and a decimal notation for numbers. That is he -can write \texttt{3} for \texttt{(S (S (S O)))}. This also works on -the left hand side of a \texttt{match} expression (see for example -section~\ref{refine-example}). This scope is opened by default. - -%Remove the redefinition of nat -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -The following example is not part of the standard library, but it -shows the usage of the notations: - -\begin{coq_example*} -Fixpoint even (n:nat) : bool := - match n with - | 0 => true - | 1 => false - | S (S n) => even n - end. -\end{coq_example*} - - -\ttindex{eq\_S} -\ttindex{pred} -\ttindex{pred\_Sn} -\ttindex{eq\_add\_S} -\ttindex{not\_eq\_S} -\ttindex{IsSucc} -\ttindex{O\_S} -\ttindex{n\_Sn} -\ttindex{plus} -\ttindex{plus\_n\_O} -\ttindex{plus\_n\_Sm} -\ttindex{mult} -\ttindex{mult\_n\_O} -\ttindex{mult\_n\_Sm} - -\begin{coq_example*} -Theorem eq_S : forall x y:nat, x = y -> S x = S y. -\end{coq_example*} -\begin{coq_eval} -Abort. -\end{coq_eval} -\begin{coq_example*} -Definition pred (n:nat) : nat := - match n with - | 0 => 0 - | S u => u - end. -Theorem pred_Sn : forall m:nat, m = pred (S m). -Theorem eq_add_S : forall n m:nat, S n = S m -> n = m. -Hint Immediate eq_add_S : core. -Theorem not_eq_S : forall n m:nat, n <> m -> S n <> S m. -\end{coq_example*} -\begin{coq_eval} -Abort All. -\end{coq_eval} -\begin{coq_example*} -Definition IsSucc (n:nat) : Prop := - match n with - | 0 => False - | S p => True - end. -Theorem O_S : forall n:nat, 0 <> S n. -Theorem n_Sn : forall n:nat, n <> S n. -\end{coq_example*} -\begin{coq_eval} -Abort All. -\end{coq_eval} -\begin{coq_example*} -Fixpoint plus (n m:nat) {struct n} : nat := - match n with - | 0 => m - | S p => S (p + m) - end -where "n + m" := (plus n m) : nat_scope. -Lemma plus_n_O : forall n:nat, n = n + 0. -Lemma plus_n_Sm : forall n m:nat, S (n + m) = n + S m. -\end{coq_example*} -\begin{coq_eval} -Abort All. -\end{coq_eval} -\begin{coq_example*} -Fixpoint mult (n m:nat) {struct n} : nat := - match n with - | 0 => 0 - | S p => m + p * m - end -where "n * m" := (mult n m) : nat_scope. -Lemma mult_n_O : forall n:nat, 0 = n * 0. -Lemma mult_n_Sm : forall n m:nat, n * m + n = n * (S m). -\end{coq_example*} -\begin{coq_eval} -Abort All. -\end{coq_eval} - -Finally, it gives the definition of the usual orderings \verb:le:, -\verb:lt:, \verb:ge:, and \verb:gt:. -\ttindex{le} -\ttindex{le\_n} -\ttindex{le\_S} -\ttindex{lt} -\ttindex{ge} -\ttindex{gt} - -\begin{coq_example*} -Inductive le (n:nat) : nat -> Prop := - | le_n : le n n - | le_S : forall m:nat, n <= m -> n <= (S m) -where "n <= m" := (le n m) : nat_scope. -Definition lt (n m:nat) := S n <= m. -Definition ge (n m:nat) := m <= n. -Definition gt (n m:nat) := m < n. -\end{coq_example*} - -Properties of these relations are not initially known, but may be -required by the user from modules \verb:Le: and \verb:Lt:. Finally, -\verb:Peano: gives some lemmas allowing pattern-matching, and a double -induction principle. - -\ttindex{nat\_case} -\ttindex{nat\_double\_ind} - -\begin{coq_example*} -Theorem nat_case : - forall (n:nat) (P:nat -> Prop), - P 0 -> (forall m:nat, P (S m)) -> P n. -\end{coq_example*} -\begin{coq_eval} -Abort All. -\end{coq_eval} -\begin{coq_example*} -Theorem nat_double_ind : - forall R:nat -> nat -> Prop, - (forall n:nat, R 0 n) -> - (forall n:nat, R (S n) 0) -> - (forall n m:nat, R n m -> R (S n) (S m)) -> forall n m:nat, R n m. -\end{coq_example*} -\begin{coq_eval} -Abort All. -\end{coq_eval} - -\subsection{Well-founded recursion} - -The basic library contains the basics of well-founded recursion and -well-founded induction\footnote{This is defined in module {\tt Wf.v}}. -\index{Well foundedness} -\index{Recursion} -\index{Well founded induction} -\ttindex{Acc} -\ttindex{Acc\_inv} -\ttindex{Acc\_rect} -\ttindex{well\_founded} - -\begin{coq_example*} -Section Well_founded. -Variable A : Type. -Variable R : A -> A -> Prop. -Inductive Acc (x:A) : Prop := - Acc_intro : (forall y:A, R y x -> Acc y) -> Acc x. -Lemma Acc_inv x : Acc x -> forall y:A, R y x -> Acc y. -\end{coq_example*} -\begin{coq_eval} -destruct 1; trivial. -Defined. -\end{coq_eval} -%% Acc_rect now primitively defined -%% Section AccRec. -%% Variable P : A -> Set. -%% Variable F : -%% forall x:A, -%% (forall y:A, R y x -> Acc y) -> (forall y:A, R y x -> P y) -> P x. -%% Fixpoint Acc_rec (x:A) (a:Acc x) {struct a} : P x := -%% F x (Acc_inv x a) -%% (fun (y:A) (h:R y x) => Acc_rec y (Acc_inv x a y h)). -%% End AccRec. -\begin{coq_example*} -Definition well_founded := forall a:A, Acc a. -Hypothesis Rwf : well_founded. -Theorem well_founded_induction : - forall P:A -> Set, - (forall x:A, (forall y:A, R y x -> P y) -> P x) -> forall a:A, P a. -Theorem well_founded_ind : - forall P:A -> Prop, - (forall x:A, (forall y:A, R y x -> P y) -> P x) -> forall a:A, P a. -\end{coq_example*} -\begin{coq_eval} -Abort All. -\end{coq_eval} -The automatically generated scheme {\tt Acc\_rect} -can be used to define functions by fixpoints using -well-founded relations to justify termination. Assuming -extensionality of the functional used for the recursive call, the -fixpoint equation can be proved. -\ttindex{Fix\_F} -\ttindex{fix\_eq} -\ttindex{Fix\_F\_inv} -\ttindex{Fix\_F\_eq} -\begin{coq_example*} -Section FixPoint. -Variable P : A -> Type. -Variable F : forall x:A, (forall y:A, R y x -> P y) -> P x. -Fixpoint Fix_F (x:A) (r:Acc x) {struct r} : P x := - F x (fun (y:A) (p:R y x) => Fix_F y (Acc_inv x r y p)). -Definition Fix (x:A) := Fix_F x (Rwf x). -Hypothesis F_ext : - forall (x:A) (f g:forall y:A, R y x -> P y), - (forall (y:A) (p:R y x), f y p = g y p) -> F x f = F x g. -Lemma Fix_F_eq : - forall (x:A) (r:Acc x), - F x (fun (y:A) (p:R y x) => Fix_F y (Acc_inv x r y p)) = Fix_F x r. -Lemma Fix_F_inv : forall (x:A) (r s:Acc x), Fix_F x r = Fix_F x s. -Lemma fix_eq : forall x:A, Fix x = F x (fun (y:A) (p:R y x) => Fix y). -\end{coq_example*} -\begin{coq_eval} -Abort All. -\end{coq_eval} -\begin{coq_example*} -End FixPoint. -End Well_founded. -\end{coq_example*} - -\subsection{Accessing the {\Type} level} - -The basic library includes the definitions\footnote{This is in module -{\tt Logic\_Type.v}} of the counterparts of some data-types and logical -quantifiers at the \verb:Type: level: negation, pair, and properties -of {\tt identity}. - -\ttindex{notT} -\ttindex{prodT} -\ttindex{pairT} -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example*} -Definition notT (A:Type) := A -> False. -Inductive prodT (A B:Type) : Type := pairT (_:A) (_:B). -\end{coq_example*} - -At the end, it defines data-types at the {\Type} level. - -\subsection{Tactics} - -A few tactics defined at the user level are provided in the initial -state\footnote{This is in module {\tt Tactics.v}}. They are listed at -\url{http://coq.inria.fr/stdlib} (paragraph {\tt Init}, link {\tt - Tactics}). - -\section{The standard library} - -\subsection{Survey} - -The rest of the standard library is structured into the following -subdirectories: - -\begin{tabular}{lp{12cm}} - {\bf Logic} & Classical logic and dependent equality \\ - {\bf Arith} & Basic Peano arithmetic \\ - {\bf PArith} & Basic positive integer arithmetic \\ - {\bf NArith} & Basic binary natural number arithmetic \\ - {\bf ZArith} & Basic relative integer arithmetic \\ - {\bf Numbers} & Various approaches to natural, integer and cyclic numbers (currently axiomatically and on top of 2$^{31}$ binary words) \\ - {\bf Bool} & Booleans (basic functions and results) \\ - {\bf Lists} & Monomorphic and polymorphic lists (basic functions and - results), Streams (infinite sequences defined with co-inductive - types) \\ - {\bf Sets} & Sets (classical, constructive, finite, infinite, power set, - etc.) \\ - {\bf FSets} & Specification and implementations of finite sets and finite - maps (by lists and by AVL trees)\\ - {\bf Reals} & Axiomatization of real numbers (classical, basic functions, - integer part, fractional part, limit, derivative, Cauchy - series, power series and results,...)\\ - {\bf Relations} & Relations (definitions and basic results) \\ - {\bf Sorting} & Sorted list (basic definitions and heapsort correctness) \\ - {\bf Strings} & 8-bits characters and strings\\ - {\bf Wellfounded} & Well-founded relations (basic results) \\ - -\end{tabular} -\medskip - -These directories belong to the initial load path of the system, and -the modules they provide are compiled at installation time. So they -are directly accessible with the command \verb!Require! (see -Chapter~\ref{Other-commands}). - -The different modules of the \Coq\ standard library are described in the -additional document \verb!Library.dvi!. They are also accessible on the WWW -through the \Coq\ homepage -\footnote{\url{http://coq.inria.fr}}. - -\subsection[Notations for integer arithmetics]{Notations for integer arithmetics\index{Arithmetical notations}} - -On Figure~\ref{zarith-syntax} is described the syntax of expressions -for integer arithmetics. It is provided by requiring and opening the -module {\tt ZArith} and opening scope {\tt Z\_scope}. - -\ttindex{+} -\ttindex{*} -\ttindex{-} -\ttindex{/} -\ttindex{<=} -\ttindex{>=} -\ttindex{<} -\ttindex{>} -\ttindex{?=} -\ttindex{mod} - -\begin{figure} -\begin{center} -\begin{tabular}{l|l|l|l} -Notation & Interpretation & Precedence & Associativity\\ -\hline -\verb!_ < _! & {\tt Z.lt} &&\\ -\verb!x <= y! & {\tt Z.le} &&\\ -\verb!_ > _! & {\tt Z.gt} &&\\ -\verb!x >= y! & {\tt Z.ge} &&\\ -\verb!x < y < z! & {\tt x < y \verb!/\! y < z} &&\\ -\verb!x < y <= z! & {\tt x < y \verb!/\! y <= z} &&\\ -\verb!x <= y < z! & {\tt x <= y \verb!/\! y < z} &&\\ -\verb!x <= y <= z! & {\tt x <= y \verb!/\! y <= z} &&\\ -\verb!_ ?= _! & {\tt Z.compare} & 70 & no\\ -\verb!_ + _! & {\tt Z.add} &&\\ -\verb!_ - _! & {\tt Z.sub} &&\\ -\verb!_ * _! & {\tt Z.mul} &&\\ -\verb!_ / _! & {\tt Z.div} &&\\ -\verb!_ mod _! & {\tt Z.modulo} & 40 & no \\ -\verb!- _! & {\tt Z.opp} &&\\ -\verb!_ ^ _! & {\tt Z.pow} &&\\ -\end{tabular} -\end{center} -\caption{Definition of the scope for integer arithmetics ({\tt Z\_scope})} -\label{zarith-syntax} -\end{figure} - -Figure~\ref{zarith-syntax} shows the notations provided by {\tt -Z\_scope}. It specifies how notations are interpreted and, when not -already reserved, the precedence and associativity. - -\begin{coq_example*} -Require Import ZArith. -\end{coq_example*} -\begin{coq_example} -Check (2 + 3)%Z. -Open Scope Z_scope. -Check 2 + 3. -\end{coq_example} - -\subsection[Peano's arithmetic (\texttt{nat})]{Peano's arithmetic (\texttt{nat})\index{Peano's arithmetic} -\ttindex{nat\_scope}} - -While in the initial state, many operations and predicates of Peano's -arithmetic are defined, further operations and results belong to other -modules. For instance, the decidability of the basic predicates are -defined here. This is provided by requiring the module {\tt Arith}. - -Figure~\ref{nat-syntax} describes notation available in scope {\tt -nat\_scope}. - -\begin{figure} -\begin{center} -\begin{tabular}{l|l} -Notation & Interpretation \\ -\hline -\verb!_ < _! & {\tt lt} \\ -\verb!x <= y! & {\tt le} \\ -\verb!_ > _! & {\tt gt} \\ -\verb!x >= y! & {\tt ge} \\ -\verb!x < y < z! & {\tt x < y \verb!/\! y < z} \\ -\verb!x < y <= z! & {\tt x < y \verb!/\! y <= z} \\ -\verb!x <= y < z! & {\tt x <= y \verb!/\! y < z} \\ -\verb!x <= y <= z! & {\tt x <= y \verb!/\! y <= z} \\ -\verb!_ + _! & {\tt plus} \\ -\verb!_ - _! & {\tt minus} \\ -\verb!_ * _! & {\tt mult} \\ -\end{tabular} -\end{center} -\caption{Definition of the scope for natural numbers ({\tt nat\_scope})} -\label{nat-syntax} -\end{figure} - -\subsection{Real numbers library} - -\subsubsection[Notations for real numbers]{Notations for real numbers\index{Notations for real numbers}} - -This is provided by requiring and opening the module {\tt Reals} and -opening scope {\tt R\_scope}. This set of notations is very similar to -the notation for integer arithmetics. The inverse function was added. -\begin{figure} -\begin{center} -\begin{tabular}{l|l} -Notation & Interpretation \\ -\hline -\verb!_ < _! & {\tt Rlt} \\ -\verb!x <= y! & {\tt Rle} \\ -\verb!_ > _! & {\tt Rgt} \\ -\verb!x >= y! & {\tt Rge} \\ -\verb!x < y < z! & {\tt x < y \verb!/\! y < z} \\ -\verb!x < y <= z! & {\tt x < y \verb!/\! y <= z} \\ -\verb!x <= y < z! & {\tt x <= y \verb!/\! y < z} \\ -\verb!x <= y <= z! & {\tt x <= y \verb!/\! y <= z} \\ -\verb!_ + _! & {\tt Rplus} \\ -\verb!_ - _! & {\tt Rminus} \\ -\verb!_ * _! & {\tt Rmult} \\ -\verb!_ / _! & {\tt Rdiv} \\ -\verb!- _! & {\tt Ropp} \\ -\verb!/ _! & {\tt Rinv} \\ -\verb!_ ^ _! & {\tt pow} \\ -\end{tabular} -\end{center} -\label{reals-syntax} -\caption{Definition of the scope for real arithmetics ({\tt R\_scope})} -\end{figure} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example*} -Require Import Reals. -\end{coq_example*} -\begin{coq_example} -Check (2 + 3)%R. -Open Scope R_scope. -Check 2 + 3. -\end{coq_example} - -\subsubsection{Some tactics} - -In addition to the \verb|ring|, \verb|field| and \verb|fourier| -tactics (see Chapter~\ref{Tactics}) there are: -\begin{itemize} -\item {\tt discrR} \tacindex{discrR} - - Proves that a real integer constant $c_1$ is different from another - real integer constant $c_2$. - -\begin{coq_example*} -Require Import DiscrR. -Goal 5 <> 0. -\end{coq_example*} - -\begin{coq_example} -discrR. -\end{coq_example} - -\begin{coq_eval} -Abort. -\end{coq_eval} - -\item {\tt split\_Rabs} allows unfolding the {\tt Rabs} constant and splits -corresponding conjunctions. -\tacindex{split\_Rabs} - -\begin{coq_example*} -Require Import SplitAbsolu. -Goal forall x:R, x <= Rabs x. -\end{coq_example*} - -\begin{coq_example} -intro; split_Rabs. -\end{coq_example} - -\begin{coq_eval} -Abort. -\end{coq_eval} - -\item {\tt split\_Rmult} splits a condition that a product is - non null into subgoals corresponding to the condition on each - operand of the product. -\tacindex{split\_Rmult} - -\begin{coq_example*} -Require Import SplitRmult. -Goal forall x y z:R, x * y * z <> 0. -\end{coq_example*} - -\begin{coq_example} -intros; split_Rmult. -\end{coq_example} - -\end{itemize} - -These tactics has been written with the tactic language Ltac -described in Chapter~\ref{TacticLanguage}. - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\subsection[List library]{List library\index{Notations for lists} -\ttindex{length} -\ttindex{head} -\ttindex{tail} -\ttindex{app} -\ttindex{rev} -\ttindex{nth} -\ttindex{map} -\ttindex{flat\_map} -\ttindex{fold\_left} -\ttindex{fold\_right}} - -Some elementary operations on polymorphic lists are defined here. They -can be accessed by requiring module {\tt List}. - -It defines the following notions: -\begin{center} -\begin{tabular}{l|l} -\hline -{\tt length} & length \\ -{\tt head} & first element (with default) \\ -{\tt tail} & all but first element \\ -{\tt app} & concatenation \\ -{\tt rev} & reverse \\ -{\tt nth} & accessing $n$-th element (with default) \\ -{\tt map} & applying a function \\ -{\tt flat\_map} & applying a function returning lists \\ -{\tt fold\_left} & iterator (from head to tail) \\ -{\tt fold\_right} & iterator (from tail to head) \\ -\hline -\end{tabular} -\end{center} - -Table show notations available when opening scope {\tt list\_scope}. - -\begin{figure} -\begin{center} -\begin{tabular}{l|l|l|l} -Notation & Interpretation & Precedence & Associativity\\ -\hline -\verb!_ ++ _! & {\tt app} & 60 & right \\ -\verb!_ :: _! & {\tt cons} & 60 & right \\ -\end{tabular} -\end{center} -\label{list-syntax} -\caption{Definition of the scope for lists ({\tt list\_scope})} -\end{figure} - - -\section[Users' contributions]{Users' contributions\index{Contributions} -\label{Contributions}} - -Numerous users' contributions have been collected and are available at -URL \url{http://coq.inria.fr/contribs/}. On this web page, you have a list -of all contributions with informations (author, institution, quick -description, etc.) and the possibility to download them one by one. -You will also find informations on how to submit a new -contribution. - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/RefMan-ltac.tex b/doc/refman/RefMan-ltac.tex index c4c0435c5f..3ed697d8be 100644 --- a/doc/refman/RefMan-ltac.tex +++ b/doc/refman/RefMan-ltac.tex @@ -156,6 +156,8 @@ is understood as & | & {\tt type\_term} {\term}\\ & | & {\tt numgoals} \\ & | & {\tt guard} {\it test}\\ +& | & {\tt assert\_fails} {\tacexprpref}\\ +& | & {\tt assert\_succeds} {\tacexprpref}\\ & | & \atomictac\\ & | & {\qualid} \nelist{\tacarg}{}\\ & | & {\atom} @@ -598,6 +600,22 @@ The experimental status of this tactic pertains to the fact if $v$ performs side \ErrMsg \errindex{This tactic has more than one success} +\subsubsection[Checking the failure]{Checking the failure\tacindex{assert\_fails}\index{Tacticals!assert\_fails@{\tt assert\_fails}}} + +Coq provides a derived tactic to check that a tactic \emph{fails}: +\begin{quote} +{\tt assert\_fails} {\tacexpr} +\end{quote} +This behaves like {\tt tryif {\tacexpr} then fail 0 tac "succeeds" else idtac}. + +\subsubsection[Checking the success]{Checking the success\tacindex{assert\_succeeds}\index{Tacticals!assert\_succeeds@{\tt assert\_succeeds}}} + +Coq provides a derived tactic to check that a tactic has \emph{at least one} success: +\begin{quote} +{\tt assert\_succeeds} {\tacexpr} +\end{quote} +This behaves like {\tt tryif (assert\_fails tac) then fail 0 tac "fails" else idtac}. + \subsubsection[Solving]{Solving\tacindex{solve} \index{Tacticals!solve@{\tt solve}}} @@ -1156,16 +1174,6 @@ without having to cut manually the proof in smaller lemmas. It may be useful to generate lemmas minimal w.r.t. the assumptions they depend on. This can be obtained thanks to the option below. -\begin{quote} -\optindex{Shrink Abstract} -{\tt Set Shrink Abstract} -\end{quote} -\emph{Deprecated since 8.7} - -When set (default), all lemmas generated through \texttt{abstract {\tacexpr}} -and \texttt{transparent\_abstract {\tacexpr}} are quantified only over the -variables that appear in the term constructed by \texttt{\tacexpr}. - \begin{Variants} \item \texttt{abstract {\tacexpr} using {\ident}}.\\ Give explicitly the name of the auxiliary lemma. diff --git a/doc/refman/RefMan-mod.tex b/doc/refman/RefMan-mod.tex deleted file mode 100644 index b4e270e6c3..0000000000 --- a/doc/refman/RefMan-mod.tex +++ /dev/null @@ -1,428 +0,0 @@ -\section{Module system -\index{Modules} -\label{section:Modules}} - -The module system provides a way of packaging related elements -together, as well as a means of massive abstraction. - -\begin{figure}[t] -\begin{centerframe} -\begin{tabular}{rcl} -{\modtype} & ::= & {\qualid} \\ - & $|$ & {\modtype} \texttt{ with Definition }{\qualid} := {\term} \\ - & $|$ & {\modtype} \texttt{ with Module }{\qualid} := {\qualid} \\ - & $|$ & {\qualid} \nelist{\qualid}{}\\ - & $|$ & $!${\qualid} \nelist{\qualid}{}\\ - &&\\ - -{\onemodbinding} & ::= & {\tt ( [Import|Export] \nelist{\ident}{} : {\modtype} )}\\ - &&\\ - -{\modbindings} & ::= & \nelist{\onemodbinding}{}\\ - &&\\ - -{\modexpr} & ::= & \nelist{\qualid}{} \\ - & $|$ & $!$\nelist{\qualid}{} -\end{tabular} -\end{centerframe} -\caption{Syntax of modules} -\end{figure} - -In the syntax of module application, the $!$ prefix indicates that -any {\tt Inline} directive in the type of the functor arguments -will be ignored (see \ref{Inline} below). - -\subsection{\tt Module {\ident} -\comindex{Module}} - -This command is used to start an interactive module named {\ident}. - -\begin{Variants} - -\item{\tt Module {\ident} {\modbindings}} - - Starts an interactive functor with parameters given by {\modbindings}. - -\item{\tt Module {\ident} \verb.:. {\modtype}} - - Starts an interactive module specifying its module type. - -\item{\tt Module {\ident} {\modbindings} \verb.:. {\modtype}} - - Starts an interactive functor with parameters given by - {\modbindings}, and output module type {\modtype}. - -\item{\tt Module {\ident} \verb.<:. {\modtype$_1$} \verb.<:. $\ldots$ \verb.<:.{ \modtype$_n$}} - - Starts an interactive module satisfying each {\modtype$_i$}. - -\item{\tt Module {\ident} {\modbindings} \verb.<:. {\modtype$_1$} \verb.<:. $\ldots$ \verb.<:. {\modtype$_n$}} - - Starts an interactive functor with parameters given by - {\modbindings}. The output module type is verified against each - module type {\modtype$_i$}. - -\item\texttt{Module [Import|Export]} - - Behaves like \texttt{Module}, but automatically imports or exports - the module. - -\end{Variants} -\subsubsection{Reserved commands inside an interactive module: -\comindex{Include}} -\begin{enumerate} -\item {\tt Include {\module}} - - Includes the content of {\module} in the current interactive - module. Here {\module} can be a module expression or a module type - expression. If {\module} is a high-order module or module type - expression then the system tries to instantiate {\module} - by the current interactive module. - -\item {\tt Include {\module$_1$} \verb.<+. $\ldots$ \verb.<+. {\module$_n$}} - -is a shortcut for {\tt Include {\module$_1$}} $\ldots$ {\tt Include {\module$_n$}} -\end{enumerate} -\subsection{\tt End {\ident} -\comindex{End}} - -This command closes the interactive module {\ident}. If the module type -was given the content of the module is matched against it and an error -is signaled if the matching fails. If the module is basic (is not a -functor) its components (constants, inductive types, submodules etc) are -now available through the dot notation. - -\begin{ErrMsgs} -\item \errindex{No such label {\ident}} -\item \errindex{Signature components for label {\ident} do not match} -\item \errindex{This is not the last opened module} -\end{ErrMsgs} - - -\subsection{\tt Module {\ident} := {\modexpr} -\comindex{Module}} - -This command defines the module identifier {\ident} to be equal to -{\modexpr}. - -\begin{Variants} -\item{\tt Module {\ident} {\modbindings} := {\modexpr}} - - Defines a functor with parameters given by {\modbindings} and body {\modexpr}. - -% Particular cases of the next 2 items -%\item{\tt Module {\ident} \verb.:. {\modtype} := {\modexpr}} -% -% Defines a module with body {\modexpr} and interface {\modtype}. -%\item{\tt Module {\ident} \verb.<:. {\modtype} := {\modexpr}} -% -% Defines a module with body {\modexpr}, satisfying {\modtype}. - -\item{\tt Module {\ident} {\modbindings} \verb.:. {\modtype} := - {\modexpr}} - - Defines a functor with parameters given by {\modbindings} (possibly none), - and output module type {\modtype}, with body {\modexpr}. - -\item{\tt Module {\ident} {\modbindings} \verb.<:. {\modtype$_1$} \verb.<:. $\ldots$ \verb.<:. {\modtype$_n$}:= - {\modexpr}} - - Defines a functor with parameters given by {\modbindings} (possibly none) - with body {\modexpr}. The body is checked against each {\modtype$_i$}. - -\item{\tt Module {\ident} {\modbindings} := {\modexpr$_1$} \verb.<+. $\ldots$ \verb.<+. {\modexpr$_n$}} - - is equivalent to an interactive module where each {\modexpr$_i$} are included. - -\end{Variants} - -\subsection{\tt Module Type {\ident} -\comindex{Module Type}} - -This command is used to start an interactive module type {\ident}. - -\begin{Variants} - -\item{\tt Module Type {\ident} {\modbindings}} - - Starts an interactive functor type with parameters given by {\modbindings}. - -\end{Variants} -\subsubsection{Reserved commands inside an interactive module type: -\comindex{Include}\comindex{Inline}} -\label{Inline} -\begin{enumerate} -\item {\tt Include {\module}} - - Same as {\tt Include} inside a module. - -\item {\tt Include {\module$_1$} \verb.<+. $\ldots$ \verb.<+. {\module$_n$}} - -is a shortcut for {\tt Include {\module$_1$}} $\ldots$ {\tt Include {\module$_n$}} - -\item {\tt {\assumptionkeyword} Inline {\assums} } - - The instance of this assumption will be automatically expanded at functor - application, except when this functor application is prefixed by a $!$ annotation. -\end{enumerate} -\subsection{\tt End {\ident} -\comindex{End}} - -This command closes the interactive module type {\ident}. - -\begin{ErrMsgs} -\item \errindex{This is not the last opened module type} -\end{ErrMsgs} - -\subsection{\tt Module Type {\ident} := {\modtype}} - -Defines a module type {\ident} equal to {\modtype}. - -\begin{Variants} -\item {\tt Module Type {\ident} {\modbindings} := {\modtype}} - - Defines a functor type {\ident} specifying functors taking arguments - {\modbindings} and returning {\modtype}. - -\item{\tt Module Type {\ident} {\modbindings} := {\modtype$_1$} \verb.<+. $\ldots$ \verb.<+. {\modtype$_n$}} - - is equivalent to an interactive module type were each {\modtype$_i$} are included. - -\end{Variants} - -\subsection{\tt Declare Module {\ident} : {\modtype} -\comindex{Declare Module}} - -Declares a module {\ident} of type {\modtype}. - -\begin{Variants} - -\item{\tt Declare Module {\ident} {\modbindings} \verb.:. {\modtype}} - - Declares a functor with parameters {\modbindings} and output module - type {\modtype}. - - -\end{Variants} - - -\subsubsection{Example} - -Let us define a simple module. -\begin{coq_example} -Module M. - Definition T := nat. - Definition x := 0. - Definition y : bool. - exact true. - Defined. -End M. -\end{coq_example} -Inside a module one can define constants, prove theorems and do any -other things that can be done in the toplevel. Components of a closed -module can be accessed using the dot notation: -\begin{coq_example} -Print M.x. -\end{coq_example} -A simple module type: -\begin{coq_example} -Module Type SIG. - Parameter T : Set. - Parameter x : T. -End SIG. -\end{coq_example} - -Now we can create a new module from \texttt{M}, giving it a less -precise specification: the \texttt{y} component is dropped as well -as the body of \texttt{x}. - -\begin{coq_eval} -Set Printing Depth 50. -\end{coq_eval} -% (********** The following is not correct and should produce **********) -% (***************** Error: N.y not a defined object *******************) -\begin{coq_example} -Module N : SIG with Definition T := nat := M. -Print N.T. -Print N.x. -Fail Print N.y. -\end{coq_example} -\begin{coq_eval} -Reset N. -\end{coq_eval} - -\noindent -The definition of \texttt{N} using the module type expression -\texttt{SIG with Definition T:=nat} is equivalent to the following -one: - -\begin{coq_example*} -Module Type SIG'. - Definition T : Set := nat. - Parameter x : T. -End SIG'. -Module N : SIG' := M. -\end{coq_example*} -If we just want to be sure that the our implementation satisfies a -given module type without restricting the interface, we can use a -transparent constraint -\begin{coq_example} -Module P <: SIG := M. -Print P.y. -\end{coq_example} -Now let us create a functor, i.e. a parametric module -\begin{coq_example} -Module Two (X Y: SIG). -\end{coq_example} -\begin{coq_example*} - Definition T := (X.T * Y.T)%type. - Definition x := (X.x, Y.x). -\end{coq_example*} -\begin{coq_example} -End Two. -\end{coq_example} -and apply it to our modules and do some computations -\begin{coq_example} -Module Q := Two M N. -Eval compute in (fst Q.x + snd Q.x). -\end{coq_example} -In the end, let us define a module type with two sub-modules, sharing -some of the fields and give one of its possible implementations: -\begin{coq_example} -Module Type SIG2. - Declare Module M1 : SIG. - Module M2 <: SIG. - Definition T := M1.T. - Parameter x : T. - End M2. -End SIG2. -\end{coq_example} -\begin{coq_example*} -Module Mod <: SIG2. - Module M1. - Definition T := nat. - Definition x := 1. - End M1. - Module M2 := M. -\end{coq_example*} -\begin{coq_example} -End Mod. -\end{coq_example} -Notice that \texttt{M} is a correct body for the component \texttt{M2} -since its \texttt{T} component is equal \texttt{nat} and hence -\texttt{M1.T} as specified. -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\begin{Remarks} -\item Modules and module types can be nested components of each other. -\item One can have sections inside a module or a module type, but - not a module or a module type inside a section. -\item Commands like \texttt{Hint} or \texttt{Notation} can - also appear inside modules and module types. Note that in case of a - module definition like: - - \smallskip - \noindent - {\tt Module N : SIG := M.} - \smallskip - - or - - \smallskip - {\tt Module N : SIG.\\ - \ \ \dots\\ - End N.} - \smallskip - - hints and the like valid for \texttt{N} are not those defined in - \texttt{M} (or the module body) but the ones defined in - \texttt{SIG}. - -\end{Remarks} - -\subsection{\tt Import {\qualid} -\comindex{Import} -\label{Import}} - -If {\qualid} denotes a valid basic module (i.e. its module type is a -signature), makes its components available by their short names. - -Example: - -\begin{coq_example} -Module Mod. - Definition T:=nat. - Check T. -End Mod. -Check Mod.T. -Fail Check T. (* Incorrect! *) -Import Mod. -Check T. (* Now correct *) -\end{coq_example} -\begin{coq_eval} -Reset Mod. -\end{coq_eval} - -Some features defined in modules are activated only when a module is -imported. This is for instance the case of notations (see -Section~\ref{Notation}). - -Declarations made with the {\tt Local} flag are never imported by the -{\tt Import} command. Such declarations are only accessible through their -fully qualified name. - -Example: - -\begin{coq_example} -Module A. -Module B. -Local Definition T := nat. -End B. -End A. -Import A. -Fail Check B.T. -\end{coq_example} - -\begin{Variants} -\item{\tt Export {\qualid}}\comindex{Export} - - When the module containing the command {\tt Export {\qualid}} is - imported, {\qualid} is imported as well. -\end{Variants} - -\begin{ErrMsgs} - \item \errindexbis{{\qualid} is not a module}{is not a module} -% this error is impossible in the import command -% \item \errindex{Cannot mask the absolute name {\qualid} !} -\end{ErrMsgs} - -\begin{Warnings} - \item Trying to mask the absolute name {\qualid} ! -\end{Warnings} - -\subsection{\tt Print Module {\ident} -\comindex{Print Module} \optindex{Short Module Printing}} - -Prints the module type and (optionally) the body of the module {\ident}. - -For this command and {\tt Print Module Type}, the option {\tt Short - Module Printing} (off by default) disables the printing of the types of fields, -leaving only their names. - -\subsection{\tt Print Module Type {\ident} -\comindex{Print Module Type}} - -Prints the module type corresponding to {\ident}. - -\subsection{\tt Locate Module {\qualid} -\comindex{Locate Module}} - -Prints the full name of the module {\qualid}. - - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/RefMan-modr.tex b/doc/refman/RefMan-modr.tex deleted file mode 100644 index 7c672cf422..0000000000 --- a/doc/refman/RefMan-modr.tex +++ /dev/null @@ -1,564 +0,0 @@ -\chapter[The Module System]{The Module System\label{chapter:Modules}} -%HEVEA\cutname{modules.html} - -The module system extends the Calculus of Inductive Constructions -providing a convenient way to structure large developments as well as -a means of massive abstraction. -%It is described in details in Judicael's thesis and Jacek's thesis - -\section{Modules and module types} - -\paragraph{Access path.} It is denoted by $p$, it can be either a module -variable $X$ or, if $p'$ is an access path and $id$ an identifier, then -$p'.id$ is an access path. - -\paragraph{Structure element.} It is denoted by \elem\ and is either a -definition of a constant, an assumption, a definition of an inductive, - a definition of a module, an alias of module or a module type abbreviation. - -\paragraph{Structure expression.} It is denoted by $S$ and can be: -\begin{itemize} -\item an access path $p$ -\item a plain structure $\struct{\nelist{\elem}{;}}$ -\item a functor $\functor{X}{S}{S'}$, where $X$ is a module variable, - $S$ and $S'$ are structure expression -\item an application $S\,p$, where $S$ is a structure expression and $p$ -an access path -\item a refined structure $\with{S}{p}{p'}$ or $\with{S}{p}{t:T}$ where $S$ -is a structure expression, $p$ and $p'$ are access paths, $t$ is a term -and $T$ is the type of $t$. -\end{itemize} - -\paragraph{Module definition,} is written $\Mod{X}{S}{S'}$ and - consists of a module variable $X$, a module type -$S$ which can be any structure expression and optionally a module implementation $S'$ - which can be any structure expression except a refined structure. - -\paragraph{Module alias,} is written $\ModA{X}{p}$ and - consists of a module variable $X$ and a module path $p$. - -\paragraph{Module type abbreviation,} is written $\ModType{Y}{S}$, where -$Y$ is an identifier and $S$ is any structure expression . - - -\section{Typing Modules} - -In order to introduce the typing system we first slightly extend -the syntactic class of terms and environments given in -section~\ref{Terms}. The environments, apart from definitions of -constants and inductive types now also hold any other structure elements. -Terms, apart from variables, constants and complex terms, -include also access paths. - -We also need additional typing judgments: -\begin{itemize} -\item \WFT{E}{S}, denoting that a structure $S$ is well-formed, - -\item \WTM{E}{p}{S}, denoting that the module pointed by $p$ has type $S$ in -environment $E$. - -\item \WEV{E}{S}{\overline{S}}, denoting that a structure $S$ is evaluated to -a structure $\overline{S}$ in weak head normal form. - -\item \WS{E}{S_1}{S_2}, denoting that a structure $S_1$ is a subtype of a -structure $S_2$. - -\item \WS{E}{\elem_1}{\elem_2}, denoting that a structure element - $\elem_1$ is more precise that a structure element $\elem_2$. -\end{itemize} -The rules for forming structures are the following: -\begin{description} -\item[WF-STR] -\inference{% - \frac{ - \WF{E;E'}{} - }{%%%%%%%%%%%%%%%%%%%%% - \WFT{E}{\struct{E'}} - } -} -\item[WF-FUN] -\inference{% - \frac{ - \WFT{E;\ModS{X}{S}}{\overline{S'}} - }{%%%%%%%%%%%%%%%%%%%%%%%%%% - \WFT{E}{\functor{X}{S}{S'}} - } -} -\end{description} -Evaluation of structures to weak head normal form: -\begin{description} -\item[WEVAL-APP] -\inference{% - \frac{ - \begin{array}{c} - \WEV{E}{S}{\functor{X}{S_1}{S_2}}~~~~~\WEV{E}{S_1}{\overline{S_1}}\\ - \WTM{E}{p}{S_3}\qquad \WS{E}{S_3}{\overline{S_1}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \WEV{E}{S\,p}{S_2\{p/X,t_1/p_1.c_1,\ldots,t_n/p_n.c_n\}} - } -} -\end{description} -In the last rule, $\{t_1/p_1.c_1,\ldots,t_n/p_n.c_n\}$ is the resulting - substitution from the inlining mechanism. We substitute in $S$ the - inlined fields $p_i.c_i$ form $\ModS{X}{S_1}$ by the corresponding delta-reduced term $t_i$ in $p$. -\begin{description} -\item[WEVAL-WITH-MOD] -\inference{% - \frac{ - \begin{array}{c} - \WEV{E}{S}{\structe{\ModS{X}{S_1}}}~~~~~\WEV{E;\elem_1;\ldots;\elem_i}{S_1}{\overline{S_1}}\\ - \WTM{E}{p}{S_2}\qquad \WS{E;\elem_1;\ldots;\elem_i}{S_2}{\overline{S_1}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \begin{array}{c} - \WEVT{E}{\with{S}{x}{p}}{\structes{\ModA{X}{p}}{p/X}} - \end{array} - } -} -\item[WEVAL-WITH-MOD-REC] -\inference{% - \frac{ - \begin{array}{c} - \WEV{E}{S}{\structe{\ModS{X_1}{S_1}}}\\ - \WEV{E;\elem_1;\ldots;\elem_i}{\with{S_1}{p}{p_1}}{\overline{S_2}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \begin{array}{c} - \WEVT{E}{\with{S}{X_1.p}{p_1}}{\structes{\ModS{X}{\overline{S_2}}}{p_1/X_1.p}} - \end{array} - } -} -\item[WEVAL-WITH-DEF] -\inference{% - \frac{ - \begin{array}{c} - \WEV{E}{S}{\structe{\Assum{}{c}{T_1}}}\\ - \WS{E;\elem_1;\ldots;\elem_i}{\Def{}{c}{t}{T}}{\Assum{}{c}{T_1}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \begin{array}{c} - \WEVT{E}{\with{S}{c}{t:T}}{\structe{\Def{}{c}{t}{T}}} - \end{array} - } -} -\item[WEVAL-WITH-DEF-REC] -\inference{% - \frac{ - \begin{array}{c} - \WEV{E}{S}{\structe{\ModS{X_1}{S_1}}}\\ - \WEV{E;\elem_1;\ldots;\elem_i}{\with{S_1}{p}{p_1}}{\overline{S_2}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \begin{array}{c} - \WEVT{E}{\with{S}{X_1.p}{t:T}}{\structe{\ModS{X}{\overline{S_2}}}} - \end{array} - } -} - -\item[WEVAL-PATH-MOD] -\inference{% - \frac{ - \begin{array}{c} - \WEV{E}{p}{\structe{ \Mod{X}{S}{S_1}}}\\ - \WEV{E;\elem_1;\ldots;\elem_i}{S}{\overline{S}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \WEV{E}{p.X}{\overline{S}} - } -} -\inference{% - \frac{ - \begin{array}{c} - \WF{E}{}~~~~~~\Mod{X}{S}{S_1}\in E\\ - \WEV{E}{S}{\overline{S}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \WEV{E}{X}{\overline{S}} - } -} -\item[WEVAL-PATH-ALIAS] -\inference{% - \frac{ - \begin{array}{c} - \WEV{E}{p}{\structe{\ModA{X}{p_1}}}\\ - \WEV{E;\elem_1;\ldots;\elem_i}{p_1}{\overline{S}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \WEV{E}{p.X}{\overline{S}} - } -} -\inference{% - \frac{ - \begin{array}{c} - \WF{E}{}~~~~~~~\ModA{X}{p_1}\in E\\ - \WEV{E}{p_1}{\overline{S}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \WEV{E}{X}{\overline{S}} - } -} -\item[WEVAL-PATH-TYPE] -\inference{% - \frac{ - \begin{array}{c} - \WEV{E}{p}{\structe{\ModType{Y}{S}}}\\ - \WEV{E;\elem_1;\ldots;\elem_i}{S}{\overline{S}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \WEV{E}{p.Y}{\overline{S}} - } -} -\item[WEVAL-PATH-TYPE] -\inference{% - \frac{ - \begin{array}{c} - \WF{E}{}~~~~~~~\ModType{Y}{S}\in E\\ - \WEV{E}{S}{\overline{S}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \WEV{E}{Y}{\overline{S}} - } -} -\end{description} - Rules for typing module: -\begin{description} -\item[MT-EVAL] -\inference{% - \frac{ - \WEV{E}{p}{\overline{S}} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \WTM{E}{p}{\overline{S}} - } -} -\item[MT-STR] -\inference{% - \frac{ - \WTM{E}{p}{S} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \WTM{E}{p}{S/p} - } -} -\end{description} -The last rule, called strengthening is used to make all module fields -manifestly equal to themselves. The notation $S/p$ has the following -meaning: -\begin{itemize} -\item if $S\lra\struct{\elem_1;\dots;\elem_n}$ then - $S/p=\struct{\elem_1/p;\dots;\elem_n/p}$ where $\elem/p$ is defined as - follows: - \begin{itemize} - \item $\Def{}{c}{t}{T}/p\footnote{Opaque definitions are processed as assumptions.} ~=~ \Def{}{c}{t}{T}$ - \item $\Assum{}{c}{U}/p ~=~ \Def{}{c}{p.c}{U}$ - \item $\ModS{X}{S}/p ~=~ \ModA{X}{p.X}$ - \item $\ModA{X}{p'}/p ~=~ \ModA{X}{p'}$ - \item $\Ind{}{\Gamma_P}{\Gamma_C}{\Gamma_I}/p ~=~ \Indp{}{\Gamma_P}{\Gamma_C}{\Gamma_I}{p}$ - \item $\Indpstr{}{\Gamma_P}{\Gamma_C}{\Gamma_I}{p'}{p} ~=~ \Indp{}{\Gamma_P}{\Gamma_C}{\Gamma_I}{p'}$ - \end{itemize} -\item if $S\lra\functor{X}{S'}{S''}$ then $S/p=S$ -\end{itemize} -The notation $\Indp{}{\Gamma_P}{\Gamma_C}{\Gamma_I}{p}$ denotes an -inductive definition that is definitionally equal to the inductive -definition in the module denoted by the path $p$. All rules which have -$\Ind{}{\Gamma_P}{\Gamma_C}{\Gamma_I}$ as premises are also valid for -$\Indp{}{\Gamma_P}{\Gamma_C}{\Gamma_I}{p}$. We give the formation rule -for $\Indp{}{\Gamma_P}{\Gamma_C}{\Gamma_I}{p}$ below as well as -the equality rules on inductive types and constructors. \\ - -The module subtyping rules: -\begin{description} -\item[MSUB-STR] -\inference{% - \frac{ - \begin{array}{c} - \WS{E;\elem_1;\dots;\elem_n}{\elem_{\sigma(i)}}{\elem'_i} - \textrm{ \ for } i=1..m \\ - \sigma : \{1\dots m\} \ra \{1\dots n\} \textrm{ \ injective} - \end{array} - }{ - \WS{E}{\struct{\elem_1;\dots;\elem_n}}{\struct{\elem'_1;\dots;\elem'_m}} - } -} -\item[MSUB-FUN] -\inference{% T_1 -> T_2 <: T_1' -> T_2' - \frac{ - \WS{E}{\overline{S_1'}}{\overline{S_1}}~~~~~~~~~~\WS{E;\ModS{X}{S_1'}}{\overline{S_2}}{\overline{S_2'}} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \WS{E}{\functor{X}{S_1}{S_2}}{\functor{X}{S_1'}{S_2'}} - } -} -% these are derived rules -% \item[MSUB-EQ] -% \inference{% -% \frac{ -% \WS{E}{T_1}{T_2}~~~~~~~~~~\WTERED{}{T_1}{=}{T_1'}~~~~~~~~~~\WTERED{}{T_2}{=}{T_2'} -% }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% \WS{E}{T_1'}{T_2'} -% } -% } -% \item[MSUB-REFL] -% \inference{% -% \frac{ -% \WFT{E}{T} -% }{ -% \WS{E}{T}{T} -% } -% } -\end{description} -Structure element subtyping rules: -\begin{description} -\item[ASSUM-ASSUM] -\inference{% - \frac{ - \WTELECONV{}{T_1}{T_2} - }{ - \WSE{\Assum{}{c}{T_1}}{\Assum{}{c}{T_2}} - } -} -\item[DEF-ASSUM] -\inference{% - \frac{ - \WTELECONV{}{T_1}{T_2} - }{ - \WSE{\Def{}{c}{t}{T_1}}{\Assum{}{c}{T_2}} - } -} -\item[ASSUM-DEF] -\inference{% - \frac{ - \WTELECONV{}{T_1}{T_2}~~~~~~~~\WTECONV{}{c}{t_2} - }{ - \WSE{\Assum{}{c}{T_1}}{\Def{}{c}{t_2}{T_2}} - } -} -\item[DEF-DEF] -\inference{% - \frac{ - \WTELECONV{}{T_1}{T_2}~~~~~~~~\WTECONV{}{t_1}{t_2} - }{ - \WSE{\Def{}{c}{t_1}{T_1}}{\Def{}{c}{t_2}{T_2}} - } -} -\item[IND-IND] -\inference{% - \frac{ - \WTECONV{}{\Gamma_P}{\Gamma_P'}% - ~~~~~~~~\WTECONV{\Gamma_P}{\Gamma_C}{\Gamma_C'}% - ~~~~~~~~\WTECONV{\Gamma_P;\Gamma_C}{\Gamma_I}{\Gamma_I'}% - }{ - \WSE{\Ind{}{\Gamma_P}{\Gamma_C}{\Gamma_I}}% - {\Ind{}{\Gamma_P'}{\Gamma_C'}{\Gamma_I'}} - } -} -\item[INDP-IND] -\inference{% - \frac{ - \WTECONV{}{\Gamma_P}{\Gamma_P'}% - ~~~~~~~~\WTECONV{\Gamma_P}{\Gamma_C}{\Gamma_C'}% - ~~~~~~~~\WTECONV{\Gamma_P;\Gamma_C}{\Gamma_I}{\Gamma_I'}% - }{ - \WSE{\Indp{}{\Gamma_P}{\Gamma_C}{\Gamma_I}{p}}% - {\Ind{}{\Gamma_P'}{\Gamma_C'}{\Gamma_I'}} - } -} -\item[INDP-INDP] -\inference{% - \frac{ - \WTECONV{}{\Gamma_P}{\Gamma_P'}% - ~~~~~~\WTECONV{\Gamma_P}{\Gamma_C}{\Gamma_C'}% - ~~~~~~\WTECONV{\Gamma_P;\Gamma_C}{\Gamma_I}{\Gamma_I'}% - ~~~~~~\WTECONV{}{p}{p'} - }{ - \WSE{\Indp{}{\Gamma_P}{\Gamma_C}{\Gamma_I}{p}}% - {\Indp{}{\Gamma_P'}{\Gamma_C'}{\Gamma_I'}{p'}} - } -} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\item[MOD-MOD] -\inference{% - \frac{ - \WSE{S_1}{S_2} - }{ - \WSE{\ModS{X}{S_1}}{\ModS{X}{S_2}} - } -} -\item[ALIAS-MOD] -\inference{% - \frac{ - \WTM{E}{p}{S_1}~~~~~~~~\WSE{S_1}{S_2} - }{ - \WSE{\ModA{X}{p}}{\ModS{X}{S_2}} - } -} -\item[MOD-ALIAS] -\inference{% - \frac{ - \WTM{E}{p}{S_2}~~~~~~~~ - \WSE{S_1}{S_2}~~~~~~~~\WTECONV{}{X}{p} - }{ - \WSE{\ModS{X}{S_1}}{\ModA{X}{p}} - } -} -\item[ALIAS-ALIAS] -\inference{% - \frac{ - \WTECONV{}{p_1}{p_2} - }{ - \WSE{\ModA{X}{p_1}}{\ModA{X}{p_2}} - } -} -\item[MODTYPE-MODTYPE] -\inference{% - \frac{ - \WSE{S_1}{S_2}~~~~~~~~\WSE{S_2}{S_1} - }{ - \WSE{\ModType{Y}{S_1}}{\ModType{Y}{S_2}} - } -} -\end{description} -New environment formation rules -\begin{description} -\item[WF-MOD] -\inference{% - \frac{ - \WF{E}{}~~~~~~~~\WFT{E}{S} - }{ - \WF{E;\ModS{X}{S}}{} - } -} -\item[WF-MOD] -\inference{% - \frac{ -\begin{array}{c} - \WS{E}{S_2}{S_1}\\ - \WF{E}{}~~~~~\WFT{E}{S_1}~~~~~\WFT{E}{S_2} -\end{array} - }{ - \WF{E;\Mod{X}{S_1}{S_2}}{} - } -} - -\item[WF-ALIAS] -\inference{% - \frac{ - \WF{E}{}~~~~~~~~~~~\WTE{}{p}{S} - }{ - \WF{E,\ModA{X}{p}}{} - } -} -\item[WF-MODTYPE] -\inference{% - \frac{ - \WF{E}{}~~~~~~~~~~~\WFT{E}{S} - }{ - \WF{E,\ModType{Y}{S}}{} - } -} -\item[WF-IND] -\inference{% - \frac{ - \begin{array}{c} - \WF{E;\Ind{}{\Gamma_P}{\Gamma_C}{\Gamma_I}}{}\\ - \WT{E}{}{p:\struct{\elem_1;\dots;\elem_n;\Ind{}{\Gamma_P'}{\Gamma_C'}{\Gamma_I'};\dots}}\\ - \WS{E}{\Ind{}{\Gamma_P'}{\Gamma_C'}{\Gamma_I'}}{\Ind{}{\Gamma_P}{\Gamma_C}{\Gamma_I}} - \end{array} - }{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \WF{E;\Indp{}{\Gamma_P}{\Gamma_C}{\Gamma_I}{p}}{} - } -} -\end{description} -Component access rules -\begin{description} -\item[ACC-TYPE] -\inference{% - \frac{ - \WTEG{p}{\struct{\elem_1;\dots;\elem_i;\Assum{}{c}{T};\dots}} - }{ - \WTEG{p.c}{T} - } -} -\\ -\inference{% - \frac{ - \WTEG{p}{\struct{\elem_1;\dots;\elem_i;\Def{}{c}{t}{T};\dots}} - }{ - \WTEG{p.c}{T} - } -} -\item[ACC-DELTA] -Notice that the following rule extends the delta rule defined in -section~\ref{delta} -\inference{% - \frac{ - \WTEG{p}{\struct{\elem_1;\dots;\elem_i;\Def{}{c}{t}{U};\dots}} - }{ - \WTEGRED{p.c}{\triangleright_\delta}{t} - } -} -\\ -In the rules below we assume $\Gamma_P$ is $[p_1:P_1;\ldots;p_r:P_r]$, - $\Gamma_I$ is $[I_1:A_1;\ldots;I_k:A_k]$, and $\Gamma_C$ is - $[c_1:C_1;\ldots;c_n:C_n]$ -\item[ACC-IND] -\inference{% - \frac{ - \WTEG{p}{\struct{\elem_1;\dots;\elem_i;\Ind{}{\Gamma_P}{\Gamma_C}{\Gamma_I};\dots}} - }{ - \WTEG{p.I_j}{(p_1:P_1)\ldots(p_r:P_r)A_j} - } -} -\inference{% - \frac{ - \WTEG{p}{\struct{\elem_1;\dots;\elem_i;\Ind{}{\Gamma_P}{\Gamma_C}{\Gamma_I};\dots}} - }{ - \WTEG{p.c_m}{(p_1:P_1)\ldots(p_r:P_r){C_m}{I_j}{(I_j~p_1\ldots - p_r)}_{j=1\ldots k}} - } -} -\item[ACC-INDP] -\inference{% - \frac{ - \WT{E}{}{p}{\struct{\elem_1;\dots;\elem_i;\Indp{}{\Gamma_P}{\Gamma_C}{\Gamma_I}{p'};\dots}} - }{ - \WTRED{E}{}{p.I_i}{\triangleright_\delta}{p'.I_i} - } -} -\inference{% - \frac{ - \WT{E}{}{p}{\struct{\elem_1;\dots;\elem_i;\Indp{}{\Gamma_P}{\Gamma_C}{\Gamma_I}{p'};\dots}} - }{ - \WTRED{E}{}{p.c_i}{\triangleright_\delta}{p'.c_i} - } -} - -\end{description} - -% %%% replaced by \triangle_\delta -% Module path equality is a transitive and reflexive closure of the -% relation generated by ACC-MODEQ and ENV-MODEQ. -% \begin{itemize} -% \item []MP-EQ-REFL -% \inference{% -% \frac{ -% \WTEG{p}{T} -% }{ -% \WTEG{p}{p} -% } -% } -% \item []MP-EQ-TRANS -% \inference{% -% \frac{ -% \WTEGRED{p}{=}{p'}~~~~~~\WTEGRED{p'}{=}{p''} -% }{ -% \WTEGRED{p'}{=}{p''} -% } -% } - -% \end{itemize} - - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: - diff --git a/doc/refman/RefMan-oth.tex b/doc/refman/RefMan-oth.tex index 1cd23c9297..bef31d3fa5 100644 --- a/doc/refman/RefMan-oth.tex +++ b/doc/refman/RefMan-oth.tex @@ -513,6 +513,9 @@ This command loads the file named {\ident}{\tt .v}, searching successively in each of the directories specified in the {\em loadpath}. (see Section~\ref{loadpath}) +Files loaded this way cannot leave proofs open, and neither the {\tt + Load} command can be use inside a proof. + \begin{Variants} \item {\tt Load {\str}.}\label{Load-str}\\ Loads the file denoted by the string {\str}, where {\str} is any @@ -530,6 +533,8 @@ successively in each of the directories specified in the {\em \begin{ErrMsgs} \item \errindex{Can't find file {\ident} on loadpath} +\item \errindex{Load is not supported inside proofs} +\item \errindex{Files processed by Load cannot leave open proofs} \end{ErrMsgs} \section[Compiled files]{Compiled files\label{compiled}\index{Compiled files}} diff --git a/doc/refman/RefMan-pre.tex b/doc/refman/RefMan-pre.tex deleted file mode 100644 index 05775bfbe5..0000000000 --- a/doc/refman/RefMan-pre.tex +++ /dev/null @@ -1,1351 +0,0 @@ -%BEGIN LATEX -\setheaders{Credits} -%END LATEX -\chapter*{Credits} -%HEVEA\cutname{credits.html} -%\addcontentsline{toc}{section}{Credits} - -\Coq{}~ is a proof assistant for higher-order logic, allowing the -development of computer programs consistent with their formal -specification. It is the result of about ten years of research of the -Coq project. We shall briefly survey here three main aspects: the -\emph{logical language} in which we write our axiomatizations and -specifications, the \emph{proof assistant} which allows the development -of verified mathematical proofs, and the \emph{program extractor} which -synthesizes computer programs obeying their formal specifications, -written as logical assertions in the language. - -The logical language used by {\Coq} is a variety of type theory, -called the \emph{Calculus of Inductive Constructions}. Without going -back to Leibniz and Boole, we can date the creation of what is now -called mathematical logic to the work of Frege and Peano at the turn -of the century. The discovery of antinomies in the free use of -predicates or comprehension principles prompted Russell to restrict -predicate calculus with a stratification of \emph{types}. This effort -culminated with \emph{Principia Mathematica}, the first systematic -attempt at a formal foundation of mathematics. A simplification of -this system along the lines of simply typed $\lambda$-calculus -occurred with Church's \emph{Simple Theory of Types}. The -$\lambda$-calculus notation, originally used for expressing -functionality, could also be used as an encoding of natural deduction -proofs. This Curry-Howard isomorphism was used by N. de Bruijn in the -\emph{Automath} project, the first full-scale attempt to develop and -mechanically verify mathematical proofs. This effort culminated with -Jutting's verification of Landau's \emph{Grundlagen} in the 1970's. -Exploiting this Curry-Howard isomorphism, notable achievements in -proof theory saw the emergence of two type-theoretic frameworks; the -first one, Martin-L\"of's \emph{Intuitionistic Theory of Types}, -attempts a new foundation of mathematics on constructive principles. -The second one, Girard's polymorphic $\lambda$-calculus $F_\omega$, is -a very strong functional system in which we may represent higher-order -logic proof structures. Combining both systems in a higher-order -extension of the Automath languages, T. Coquand presented in 1985 the -first version of the \emph{Calculus of Constructions}, CoC. This strong -logical system allowed powerful axiomatizations, but direct inductive -definitions were not possible, and inductive notions had to be defined -indirectly through functional encodings, which introduced -inefficiencies and awkwardness. The formalism was extended in 1989 by -T. Coquand and C. Paulin with primitive inductive definitions, leading -to the current \emph{Calculus of Inductive Constructions}. This -extended formalism is not rigorously defined here. Rather, numerous -concrete examples are discussed. We refer the interested reader to -relevant research papers for more information about the formalism, its -meta-theoretic properties, and semantics. However, it should not be -necessary to understand this theoretical material in order to write -specifications. It is possible to understand the Calculus of Inductive -Constructions at a higher level, as a mixture of predicate calculus, -inductive predicate definitions presented as typed PROLOG, and -recursive function definitions close to the language ML. - -Automated theorem-proving was pioneered in the 1960's by Davis and -Putnam in propositional calculus. A complete mechanization (in the -sense of a semi-decision procedure) of classical first-order logic was -proposed in 1965 by J.A. Robinson, with a single uniform inference -rule called \emph{resolution}. Resolution relies on solving equations -in free algebras (i.e. term structures), using the \emph{unification - algorithm}. Many refinements of resolution were studied in the -1970's, but few convincing implementations were realized, except of -course that PROLOG is in some sense issued from this effort. A less -ambitious approach to proof development is computer-aided -proof-checking. The most notable proof-checkers developed in the -1970's were LCF, designed by R. Milner and his colleagues at U. -Edinburgh, specialized in proving properties about denotational -semantics recursion equations, and the Boyer and Moore theorem-prover, -an automation of primitive recursion over inductive data types. While -the Boyer-Moore theorem-prover attempted to synthesize proofs by a -combination of automated methods, LCF constructed its proofs through -the programming of \emph{tactics}, written in a high-level functional -meta-language, ML. - -The salient feature which clearly distinguishes our proof assistant -from say LCF or Boyer and Moore's, is its possibility to extract -programs from the constructive contents of proofs. This computational -interpretation of proof objects, in the tradition of Bishop's -constructive mathematics, is based on a realizability interpretation, -in the sense of Kleene, due to C. Paulin. The user must just mark his -intention by separating in the logical statements the assertions -stating the existence of a computational object from the logical -assertions which specify its properties, but which may be considered -as just comments in the corresponding program. Given this information, -the system automatically extracts a functional term from a consistency -proof of its specifications. This functional term may be in turn -compiled into an actual computer program. This methodology of -extracting programs from proofs is a revolutionary paradigm for -software engineering. Program synthesis has long been a theme of -research in artificial intelligence, pioneered by R. Waldinger. The -Tablog system of Z. Manna and R. Waldinger allows the deductive -synthesis of functional programs from proofs in tableau form of their -specifications, written in a variety of first-order logic. Development -of a systematic \emph{programming logic}, based on extensions of -Martin-L\"of's type theory, was undertaken at Cornell U. by the Nuprl -team, headed by R. Constable. The first actual program extractor, PX, -was designed and implemented around 1985 by S. Hayashi from Kyoto -University. It allows the extraction of a LISP program from a proof -in a logical system inspired by the logical formalisms of S. Feferman. -Interest in this methodology is growing in the theoretical computer -science community. We can foresee the day when actual computer systems -used in applications will contain certified modules, automatically -generated from a consistency proof of their formal specifications. We -are however still far from being able to use this methodology in a -smooth interaction with the standard tools from software engineering, -i.e. compilers, linkers, run-time systems taking advantage of special -hardware, debuggers, and the like. We hope that {\Coq} can be of use -to researchers interested in experimenting with this new methodology. - -A first implementation of CoC was started in 1984 by G. Huet and T. -Coquand. Its implementation language was CAML, a functional -programming language from the ML family designed at INRIA in -Rocquencourt. The core of this system was a proof-checker for CoC seen -as a typed $\lambda$-calculus, called the \emph{Constructive Engine}. -This engine was operated through a high-level notation permitting the -declaration of axioms and parameters, the definition of mathematical -types and objects, and the explicit construction of proof objects -encoded as $\lambda$-terms. A section mechanism, designed and -implemented by G. Dowek, allowed hierarchical developments of -mathematical theories. This high-level language was called the -\emph{Mathematical Vernacular}. Furthermore, an interactive -\emph{Theorem Prover} permitted the incremental construction of proof -trees in a top-down manner, subgoaling recursively and backtracking -from dead-alleys. The theorem prover executed tactics written in CAML, -in the LCF fashion. A basic set of tactics was predefined, which the -user could extend by his own specific tactics. This system (Version -4.10) was released in 1989. Then, the system was extended to deal -with the new calculus with inductive types by C. Paulin, with -corresponding new tactics for proofs by induction. A new standard set -of tactics was streamlined, and the vernacular extended for tactics -execution. A package to compile programs extracted from proofs to -actual computer programs in CAML or some other functional language was -designed and implemented by B. Werner. A new user-interface, relying -on a CAML-X interface by D. de Rauglaudre, was designed and -implemented by A. Felty. It allowed operation of the theorem-prover -through the manipulation of windows, menus, mouse-sensitive buttons, -and other widgets. This system (Version 5.6) was released in 1991. - -\Coq{} was ported to the new implementation Caml-light of X. Leroy and -D. Doligez by D. de Rauglaudre (Version 5.7) in 1992. A new version -of \Coq{} was then coordinated by C. Murthy, with new tools designed -by C. Parent to prove properties of ML programs (this methodology is -dual to program extraction) and a new user-interaction loop. This -system (Version 5.8) was released in May 1993. A Centaur interface -\textsc{CTCoq} was then developed by Y. Bertot from the Croap project -from INRIA-Sophia-Antipolis. - -In parallel, G. Dowek and H. Herbelin developed a new proof engine, -allowing the general manipulation of existential variables -consistently with dependent types in an experimental version of \Coq{} -(V5.9). - -The version V5.10 of \Coq{} is based on a generic system for -manipulating terms with binding operators due to Chet Murthy. A new -proof engine allows the parallel development of partial proofs for -independent subgoals. The structure of these proof trees is a mixed -representation of derivation trees for the Calculus of Inductive -Constructions with abstract syntax trees for the tactics scripts, -allowing the navigation in a proof at various levels of details. The -proof engine allows generic environment items managed in an -object-oriented way. This new architecture, due to C. Murthy, -supports several new facilities which make the system easier to extend -and to scale up: - -\begin{itemize} -\item User-programmable tactics are allowed -\item It is possible to separately verify development modules, and to - load their compiled images without verifying them again - a quick - relocation process allows their fast loading -\item A generic parsing scheme allows user-definable notations, with a - symmetric table-driven pretty-printer -\item Syntactic definitions allow convenient abbreviations -\item A limited facility of meta-variables allows the automatic - synthesis of certain type expressions, allowing generic notations - for e.g. equality, pairing, and existential quantification. -\end{itemize} - -In the Fall of 1994, C. Paulin-Mohring replaced the structure of -inductively defined types and families by a new structure, allowing -the mutually recursive definitions. P. Manoury implemented a -translation of recursive definitions into the primitive recursive -style imposed by the internal recursion operators, in the style of the -ProPre system. C. Mu{\~n}oz implemented a decision procedure for -intuitionistic propositional logic, based on results of R. Dyckhoff. -J.C. Filli{\^a}tre implemented a decision procedure for first-order -logic without contraction, based on results of J. Ketonen and R. -Weyhrauch. Finally C. Murthy implemented a library of inversion -tactics, relieving the user from tedious definitions of ``inversion -predicates''. - -\begin{flushright} -Rocquencourt, Feb. 1st 1995\\ -Gérard Huet -\end{flushright} - -\section*{Credits: addendum for version 6.1} -%\addcontentsline{toc}{section}{Credits: addendum for version V6.1} - -The present version 6.1 of \Coq{} is based on the V5.10 architecture. It -was ported to the new language {\ocaml} by Bruno Barras. The -underlying framework has slightly changed and allows more conversions -between sorts. - -The new version provides powerful tools for easier developments. - -Cristina Cornes designed an extension of the \Coq{} syntax to allow -definition of terms using a powerful pattern-matching analysis in the -style of ML programs. - -Amokrane Saïbi wrote a mechanism to simulate -inheritance between types families extending a proposal by Peter -Aczel. He also developed a mechanism to automatically compute which -arguments of a constant may be inferred by the system and consequently -do not need to be explicitly written. - -Yann Coscoy designed a command which explains a proof term using -natural language. Pierre Cr{\'e}gut built a new tactic which solves -problems in quantifier-free Presburger Arithmetic. Both -functionalities have been integrated to the \Coq{} system by Hugo -Herbelin. - -Samuel Boutin designed a tactic for simplification of commutative -rings using a canonical set of rewriting rules and equality modulo -associativity and commutativity. - -Finally the organisation of the \Coq{} distribution has been supervised -by Jean-Christophe Filliâtre with the help of Judicaël Courant -and Bruno Barras. - -\begin{flushright} -Lyon, Nov. 18th 1996\\ -Christine Paulin -\end{flushright} - -\section*{Credits: addendum for version 6.2} -%\addcontentsline{toc}{section}{Credits: addendum for version V6.2} - -In version 6.2 of \Coq{}, the parsing is done using camlp4, a -preprocessor and pretty-printer for CAML designed by Daniel de -Rauglaudre at INRIA. Daniel de Rauglaudre made the first adaptation -of \Coq{} for camlp4, this work was continued by Bruno Barras who also -changed the structure of \Coq{} abstract syntax trees and the primitives -to manipulate them. The result of -these changes is a faster parsing procedure with greatly improved -syntax-error messages. The user-interface to introduce grammar or -pretty-printing rules has also changed. - -Eduardo Giménez redesigned the internal -tactic libraries, giving uniform names -to Caml functions corresponding to \Coq{} tactic names. - -Bruno Barras wrote new more efficient reductions functions. - -Hugo Herbelin introduced more uniform notations in the \Coq{} -specification language: the definitions by fixpoints and -pattern-matching have a more readable syntax. Patrick Loiseleur -introduced user-friendly notations for arithmetic expressions. - -New tactics were introduced: Eduardo Giménez improved a mechanism to -introduce macros for tactics, and designed special tactics for -(co)inductive definitions; Patrick Loiseleur designed a tactic to -simplify polynomial expressions in an arbitrary commutative ring which -generalizes the previous tactic implemented by Samuel Boutin. -Jean-Christophe Filli\^atre introduced a tactic for refining a goal, -using a proof term with holes as a proof scheme. - -David Delahaye designed the \textsf{SearchIsos} tool to search an -object in the library given its type (up to isomorphism). - -Henri Laulhère produced the \Coq{} distribution for the Windows environment. - -Finally, Hugo Herbelin was the main coordinator of the \Coq{} -documentation with principal contributions by Bruno Barras, David Delahaye, -Jean-Christophe Filli\^atre, Eduardo -Giménez, Hugo Herbelin and Patrick Loiseleur. - -\begin{flushright} -Orsay, May 4th 1998\\ -Christine Paulin -\end{flushright} - -\section*{Credits: addendum for version 6.3} -The main changes in version V6.3 was the introduction of a few new tactics -and the extension of the guard condition for fixpoint definitions. - - -B. Barras extended the unification algorithm to complete partial terms -and solved various tricky bugs related to universes.\\ -D. Delahaye developed the \texttt{AutoRewrite} tactic. He also designed the new -behavior of \texttt{Intro} and provided the tacticals \texttt{First} and -\texttt{Solve}.\\ -J.-C. Filli\^atre developed the \texttt{Correctness} tactic.\\ -E. Gim\'enez extended the guard condition in fixpoints.\\ -H. Herbelin designed the new syntax for definitions and extended the -\texttt{Induction} tactic.\\ -P. Loiseleur developed the \texttt{Quote} tactic and -the new design of the \texttt{Auto} -tactic, he also introduced the index of -errors in the documentation.\\ -C. Paulin wrote the \texttt{Focus} command and introduced -the reduction functions in definitions, this last feature -was proposed by J.-F. Monin from CNET Lannion. - -\begin{flushright} -Orsay, Dec. 1999\\ -Christine Paulin -\end{flushright} - -%\newpage - -\section*{Credits: versions 7} - -The version V7 is a new implementation started in September 1999 by -Jean-Christophe Filliâtre. This is a major revision with respect to -the internal architecture of the system. The \Coq{} version 7.0 was -distributed in March 2001, version 7.1 in September 2001, version -7.2 in January 2002, version 7.3 in May 2002 and version 7.4 in -February 2003. - -Jean-Christophe Filliâtre designed the architecture of the new system, he -introduced a new representation for environments and wrote a new kernel -for type-checking terms. His approach was to use functional -data-structures in order to get more sharing, to prepare the addition -of modules and also to get closer to a certified kernel. - -Hugo Herbelin introduced a new structure of terms with local -definitions. He introduced ``qualified'' names, wrote a new -pattern-matching compilation algorithm and designed a more compact -algorithm for checking the logical consistency of universes. He -contributed to the simplification of {\Coq} internal structures and the -optimisation of the system. He added basic tactics for forward -reasoning and coercions in patterns. - -David Delahaye introduced a new language for tactics. General tactics -using pattern-matching on goals and context can directly be written -from the {\Coq} toplevel. He also provided primitives for the design -of user-defined tactics in \textsc{Caml}. - -Micaela Mayero contributed the library on real numbers. -Olivier Desmettre extended this library with axiomatic -trigonometric functions, square, square roots, finite sums, Chasles -property and basic plane geometry. - -Jean-Christophe Filliâtre and Pierre Letouzey redesigned a new -extraction procedure from \Coq{} terms to \textsc{Caml} or -\textsc{Haskell} programs. This new -extraction procedure, unlike the one implemented in previous version -of \Coq{} is able to handle all terms in the Calculus of Inductive -Constructions, even involving universes and strong elimination. P. -Letouzey adapted user contributions to extract ML programs when it was -sensible. -Jean-Christophe Filliâtre wrote \verb=coqdoc=, a documentation -tool for {\Coq} libraries usable from version 7.2. - -Bruno Barras improved the reduction algorithms efficiency and -the confidence level in the correctness of {\Coq} critical type-checking -algorithm. - -Yves Bertot designed the \texttt{SearchPattern} and -\texttt{SearchRewrite} tools and the support for the \textsc{pcoq} interface -(\url{http://www-sop.inria.fr/lemme/pcoq/}). - -Micaela Mayero and David Delahaye introduced {\tt Field}, a decision tactic for commutative fields. - -Christine Paulin changed the elimination rules for empty and singleton -propositional inductive types. - -Loïc Pottier developed {\tt Fourier}, a tactic solving linear inequalities on real numbers. - -Pierre Crégut developed a new version based on reflexion of the {\tt Omega} -decision tactic. - -Claudio Sacerdoti Coen designed an XML output for the {\Coq} -modules to be used in the Hypertextual Electronic Library of -Mathematics (HELM cf \url{http://www.cs.unibo.it/helm}). - -A library for efficient representation of finite maps using binary trees -contributed by Jean Goubault was integrated in the basic theories. - -Pierre Courtieu developed a command and a tactic to reason on the -inductive structure of recursively defined functions. - -Jacek Chrz\k{a}szcz designed and implemented the module system of -{\Coq} whose foundations are in Judicaël Courant's PhD thesis. - -\bigskip - -The development was coordinated by C. Paulin. - -Many discussions within the Démons team and the LogiCal project -influenced significantly the design of {\Coq} especially with -%J. Chrz\k{a}szcz, P. Courtieu, -J. Courant, J. Duprat, J. Goubault, A. Miquel, -C. Marché, B. Monate and B. Werner. - -Intensive users suggested improvements of the system : -Y. Bertot, L. Pottier, L. Théry, P. Zimmerman from INRIA, -C. Alvarado, P. Crégut, J.-F. Monin from France Telecom R \& D. -\begin{flushright} -Orsay, May. 2002\\ -Hugo Herbelin \& Christine Paulin -\end{flushright} - -\section*{Credits: version 8.0} - -{\Coq} version 8 is a major revision of the {\Coq} proof assistant. -First, the underlying logic is slightly different. The so-called {\em -impredicativity} of the sort {\tt Set} has been dropped. The main -reason is that it is inconsistent with the principle of description -which is quite a useful principle for formalizing %classical -mathematics within classical logic. Moreover, even in an constructive -setting, the impredicativity of {\tt Set} does not add so much in -practice and is even subject of criticism from a large part of the -intuitionistic mathematician community. Nevertheless, the -impredicativity of {\tt Set} remains optional for users interested in -investigating mathematical developments which rely on it. - -Secondly, the concrete syntax of terms has been completely -revised. The main motivations were - -\begin{itemize} -\item a more uniform, purified style: all constructions are now lowercase, - with a functional programming perfume (e.g. abstraction is now - written {\tt fun}), and more directly accessible to the novice - (e.g. dependent product is now written {\tt forall} and allows - omission of types). Also, parentheses and are no longer mandatory - for function application. -\item extensibility: some standard notations (e.g. ``<'' and ``>'') were - incompatible with the previous syntax. Now all standard arithmetic - notations (=, +, *, /, <, <=, ... and more) are directly part of the - syntax. -\end{itemize} - -Together with the revision of the concrete syntax, a new mechanism of -{\em interpretation scopes} permits to reuse the same symbols -(typically +, -, *, /, <, <=) in various mathematical theories without -any ambiguities for {\Coq}, leading to a largely improved readability of -{\Coq} scripts. New commands to easily add new symbols are also -provided. - -Coming with the new syntax of terms, a slight reform of the tactic -language and of the language of commands has been carried out. The -purpose here is a better uniformity making the tactics and commands -easier to use and to remember. - -Thirdly, a restructuration and uniformisation of the standard library -of {\Coq} has been performed. There is now just one Leibniz' equality -usable for all the different kinds of {\Coq} objects. Also, the set of -real numbers now lies at the same level as the sets of natural and -integer numbers. Finally, the names of the standard properties of -numbers now follow a standard pattern and the symbolic -notations for the standard definitions as well. - -The fourth point is the release of \CoqIDE{}, a new graphical -gtk2-based interface fully integrated to {\Coq}. Close in style from -the Proof General Emacs interface, it is faster and its integration -with {\Coq} makes interactive developments more friendly. All -mathematical Unicode symbols are usable within \CoqIDE{}. - -Finally, the module system of {\Coq} completes the picture of {\Coq} -version 8.0. Though released with an experimental status in the previous -version 7.4, it should be considered as a salient feature of the new -version. - -Besides, {\Coq} comes with its load of novelties and improvements: new -or improved tactics (including a new tactic for solving first-order -statements), new management commands, extended libraries. - -\bigskip - -Bruno Barras and Hugo Herbelin have been the main contributors of the -reflexion and the implementation of the new syntax. The smart -automatic translator from old to new syntax released with {\Coq} is also -their work with contributions by Olivier Desmettre. - -Hugo Herbelin is the main designer and implementor of the notion of -interpretation scopes and of the commands for easily adding new notations. - -Hugo Herbelin is the main implementor of the restructuration of the -standard library. - -Pierre Corbineau is the main designer and implementor of the new -tactic for solving first-order statements in presence of inductive -types. He is also the maintainer of the non-domain specific automation -tactics. - -Benjamin Monate is the developer of the \CoqIDE{} graphical -interface with contributions by Jean-Christophe Filliâtre, Pierre -Letouzey, Claude Marché and Bruno Barras. - -Claude Marché coordinated the edition of the Reference Manual for - \Coq{} V8.0. - -Pierre Letouzey and Jacek Chrz\k{a}szcz respectively maintained the -extraction tool and module system of {\Coq}. - -Jean-Christophe Filliâtre, Pierre Letouzey, Hugo Herbelin and other -contributors from Sophia-Antipolis and Nijmegen participated to the -extension of the library. - -Julien Narboux built a NSIS-based automatic {\Coq} installation tool for -the Windows platform. - -Hugo Herbelin and Christine Paulin coordinated the development which -was under the responsability of Christine Paulin. - -\begin{flushright} -Palaiseau \& Orsay, Apr. 2004\\ -Hugo Herbelin \& Christine Paulin\\ -(updated Apr. 2006) -\end{flushright} - -\section*{Credits: version 8.1} - -{\Coq} version 8.1 adds various new functionalities. - -Benjamin Grégoire implemented an alternative algorithm to check the -convertibility of terms in the {\Coq} type-checker. This alternative -algorithm works by compilation to an efficient bytecode that is -interpreted in an abstract machine similar to Xavier Leroy's ZINC -machine. Convertibility is performed by comparing the normal -forms. This alternative algorithm is specifically interesting for -proofs by reflection. More generally, it is convenient in case of -intensive computations. - -Christine Paulin implemented an extension of inductive types allowing -recursively non uniform parameters. Hugo Herbelin implemented -sort-polymorphism for inductive types (now called template polymorphism). - -Claudio Sacerdoti Coen improved the tactics for rewriting on arbitrary -compatible equivalence relations. He also generalized rewriting to -arbitrary transition systems. - -Claudio Sacerdoti Coen added new features to the module system. - -Benjamin Grégoire, Assia Mahboubi and Bruno Barras developed a new -more efficient and more general simplification algorithm on rings and -semi-rings. - -Laurent Théry and Bruno Barras developed a new significantly more efficient -simplification algorithm on fields. - -Hugo Herbelin, Pierre Letouzey, Julien Forest, Julien Narboux and -Claudio Sacerdoti Coen added new tactic features. - -Hugo Herbelin implemented matching on disjunctive patterns. - -New mechanisms made easier the communication between {\Coq} and external -provers. Nicolas Ayache and Jean-Christophe Filliâtre implemented -connections with the provers {\sc cvcl}, {\sc Simplify} and {\sc -zenon}. Hugo Herbelin implemented an experimental protocol for calling -external tools from the tactic language. - -Matthieu Sozeau developed \textsc{Russell}, an experimental language -to specify the behavior of programs with subtypes. - -A mechanism to automatically use some specific tactic to solve -unresolved implicit has been implemented by Hugo Herbelin. - -Laurent Théry's contribution on strings and Pierre Letouzey and -Jean-Christophe Filliâtre's contribution on finite maps have been -integrated to the {\Coq} standard library. Pierre Letouzey developed a -library about finite sets ``à la {\ocaml}''. With Jean-Marc -Notin, he extended the library on lists. Pierre Letouzey's -contribution on rational numbers has been integrated and extended.. - -Pierre Corbineau extended his tactic for solving first-order -statements. He wrote a reflection-based intuitionistic tautology -solver. - -Pierre Courtieu, Julien Forest and Yves Bertot added extra support to -reason on the inductive structure of recursively defined functions. - -Jean-Marc Notin significantly contributed to the general maintenance -of the system. He also took care of {\textsf{coqdoc}}. - -Pierre Castéran contributed to the documentation of (co-)inductive -types and suggested improvements to the libraries. - -Pierre Corbineau implemented a declarative mathematical proof -language, usable in combination with the tactic-based style of proof. - -Finally, many users suggested improvements of the system through the -Coq-Club mailing list and bug-tracker systems, especially user groups -from INRIA Rocquencourt, Radboud University, University of -Pennsylvania and Yale University. - -\enlargethispage{\baselineskip} -\begin{flushright} -Palaiseau, July 2006\\ -Hugo Herbelin -\end{flushright} - -\section*{Credits: version 8.2} - -{\Coq} version 8.2 adds new features, new libraries and -improves on many various aspects. - -Regarding the language of Coq, the main novelty is the introduction by -Matthieu Sozeau of a package of commands providing Haskell-style -type classes. Type classes, that come with a few convenient features -such as type-based resolution of implicit arguments, plays a new role -of landmark in the architecture of Coq with respect to automatization. -For instance, thanks to type classes support, Matthieu Sozeau could -implement a new resolution-based version of the tactics dedicated to -rewriting on arbitrary transitive relations. - -Another major improvement of Coq 8.2 is the evolution of the -arithmetic libraries and of the tools associated to them. Benjamin -Grégoire and Laurent Théry contributed a modular library for building -arbitrarily large integers from bounded integers while Evgeny Makarov -contributed a modular library of abstract natural and integer -arithmetics together with a few convenient tactics. On his side, -Pierre Letouzey made numerous extensions to the arithmetic libraries on -$\mathbb{Z}$ and $\mathbb{Q}$, including extra support for -automatization in presence of various number-theory concepts. - -Frédéric Besson contributed a reflexive tactic based on -Krivine-Stengle Positivstellensatz (the easy way) for validating -provability of systems of inequalities. The platform is flexible enough -to support the validation of any algorithm able to produce a -``certificate'' for the Positivstellensatz and this covers the case of -Fourier-Motzkin (for linear systems in $\mathbb{Q}$ and $\mathbb{R}$), -Fourier-Motzkin with cutting planes (for linear systems in -$\mathbb{Z}$) and sum-of-squares (for non-linear systems). Evgeny -Makarov made the platform generic over arbitrary ordered rings. - -Arnaud Spiwack developed a library of 31-bits machine integers and, -relying on Benjamin Grégoire and Laurent Théry's library, delivered a -library of unbounded integers in base $2^{31}$. As importantly, he -developed a notion of ``retro-knowledge'' so as to safely extend the -kernel-located bytecode-based efficient evaluation algorithm of Coq -version 8.1 to use 31-bits machine arithmetics for efficiently -computing with the library of integers he developed. - -Beside the libraries, various improvements contributed to provide a -more comfortable end-user language and more expressive tactic -language. Hugo Herbelin and Matthieu Sozeau improved the -pattern-matching compilation algorithm (detection of impossible -clauses in pattern-matching, automatic inference of the return -type). Hugo Herbelin, Pierre Letouzey and Matthieu Sozeau contributed -various new convenient syntactic constructs and new tactics or tactic -features: more inference of redundant information, better unification, -better support for proof or definition by fixpoint, more expressive -rewriting tactics, better support for meta-variables, more convenient -notations, ... - -Élie Soubiran improved the module system, adding new features (such as -an ``include'' command) and making it more flexible and more -general. He and Pierre Letouzey improved the support for modules in -the extraction mechanism. - -Matthieu Sozeau extended the \textsc{Russell} language, ending in an -convenient way to write programs of given specifications, Pierre -Corbineau extended the Mathematical Proof Language and the -automatization tools that accompany it, Pierre Letouzey supervised and -extended various parts of the standard library, Stéphane Glondu -contributed a few tactics and improvements, Jean-Marc Notin provided -help in debugging, general maintenance and {\tt coqdoc} support, -Vincent Siles contributed extensions of the {\tt Scheme} command and -of {\tt injection}. - -Bruno Barras implemented the {\tt coqchk} tool: this is a stand-alone -type-checker that can be used to certify {\tt .vo} files. Especially, -as this verifier runs in a separate process, it is granted not to be -``hijacked'' by virtually malicious extensions added to {\Coq}. - -Yves Bertot, Jean-Christophe Filliâtre, Pierre Courtieu and -Julien Forest acted as maintainers of features they implemented in -previous versions of Coq. - -Julien Narboux contributed to {\CoqIDE}. -Nicolas Tabareau made the adaptation of the interface of the old -``setoid rewrite'' tactic to the new version. Lionel Mamane worked on -the interaction between Coq and its external interfaces. With Samuel -Mimram, he also helped making Coq compatible with recent software -tools. Russell O'Connor, Cezary Kaliscyk, Milad Niqui contributed to -improve the libraries of integers, rational, and real numbers. We -also thank many users and partners for suggestions and feedback, in -particular Pierre Castéran and Arthur Charguéraud, the INRIA Marelle -team, Georges Gonthier and the INRIA-Microsoft Mathematical Components team, -the Foundations group at Radboud university in Nijmegen, reporters of bugs -and participants to the Coq-Club mailing list. - -\begin{flushright} -Palaiseau, June 2008\\ -Hugo Herbelin\\ -\end{flushright} - -\section*{Credits: version 8.3} - -{\Coq} version 8.3 is before all a transition version with refinements -or extensions of the existing features and libraries and a new tactic -{\tt nsatz} based on Hilbert's Nullstellensatz for deciding systems of -equations over rings. - -With respect to libraries, the main evolutions are due to Pierre -Letouzey with a rewriting of the library of finite sets {\tt FSets} -and a new round of evolutions in the modular development of arithmetic -(library {\tt Numbers}). The reason for making {\tt FSets} evolve is -that the computational and logical contents were quite intertwined in -the original implementation, leading in some cases to longer -computations than expected and this problem is solved in the new {\tt - MSets} implementation. As for the modular arithmetic library, it was -only dealing with the basic arithmetic operators in the former version -and its current extension adds the standard theory of the division, -min and max functions, all made available for free to any -implementation of $\mathbb{N}$, $\mathbb{Z}$ or -$\mathbb{Z}/n\mathbb{Z}$. - -The main other evolutions of the library are due to Hugo Herbelin who -made a revision of the sorting library (including a certified -merge-sort) and to Guillaume Melquiond who slightly revised and -cleaned up the library of reals. - -The module system evolved significantly. Besides the resolution of -some efficiency issues and a more flexible construction of module -types, Élie Soubiran brought a new model of name equivalence, the -$\Delta$-equivalence, which respects as much as possible the names -given by the users. He also designed with Pierre Letouzey a new -convenient operator \verb!<+! for nesting functor application, that -provides a light notation for inheriting the properties of cascading -modules. - -The new tactic {\tt nsatz} is due to Loïc Pottier. It works by -computing Gr\"obner bases. Regarding the existing tactics, various -improvements have been done by Matthieu Sozeau, Hugo Herbelin and -Pierre Letouzey. - -Matthieu Sozeau extended and refined the type classes and {\tt - Program} features (the {\sc Russell} language). Pierre Letouzey -maintained and improved the extraction mechanism. Bruno Barras and -\'Elie Soubiran maintained the Coq checker, Julien Forest maintained -the {\tt Function} mechanism for reasoning over recursively defined -functions. Matthieu Sozeau, Hugo Herbelin and Jean-Marc Notin -maintained {\tt coqdoc}. Frédéric Besson maintained the {\sc - Micromega} plateform for deciding systems of inequalities. Pierre -Courtieu maintained the support for the Proof General Emacs -interface. Claude Marché maintained the plugin for calling external -provers ({\tt dp}). Yves Bertot made some improvements to the -libraries of lists and integers. Matthias Puech improved the search -functions. Guillaume Melquiond usefully contributed here and -there. Yann Régis-Gianas grounded the support for Unicode on a more -standard and more robust basis. - -Though invisible from outside, Arnaud Spiwack improved the general -process of management of existential variables. Pierre Letouzey and -Stéphane Glondu improved the compilation scheme of the Coq archive. -Vincent Gross provided support to {\CoqIDE}. Jean-Marc Notin provided -support for benchmarking and archiving. - -Many users helped by reporting problems, providing patches, suggesting -improvements or making useful comments, either on the bug tracker or -on the Coq-club mailing list. This includes but not exhaustively -Cédric Auger, Arthur Charguéraud, François Garillot, Georges Gonthier, -Robin Green, Stéphane Lescuyer, Eelis van der Weegen,~... - -Though not directly related to the implementation, special thanks are -going to Yves Bertot, Pierre Castéran, Adam Chlipala, and Benjamin -Pierce for the excellent teaching materials they provided. - -\begin{flushright} -Paris, April 2010\\ -Hugo Herbelin\\ -\end{flushright} - -\section*{Credits: version 8.4} - -{\Coq} version 8.4 contains the result of three long-term projects: a -new modular library of arithmetic by Pierre Letouzey, a new proof -engine by Arnaud Spiwack and a new communication protocol for {\CoqIDE} -by Vincent Gross. - -The new modular library of arithmetic extends, generalizes and -unifies the existing libraries on Peano arithmetic (types {\tt nat}, -{\tt N} and {\tt BigN}), positive arithmetic (type {\tt positive}), -integer arithmetic ({\tt Z} and {\tt BigZ}) and machine word -arithmetic (type {\tt Int31}). It provides with unified notations -(e.g. systematic use of {\tt add} and {\tt mul} for denoting the -addition and multiplication operators), systematic and generic -development of operators and properties of these operators for all the -types mentioned above, including gcd, pcm, power, square root, base 2 -logarithm, division, modulo, bitwise operations, logical shifts, -comparisons, iterators, ... - -The most visible feature of the new proof engine is the support for -structured scripts (bullets and proof brackets) but, even if yet not -user-available, the new engine also provides the basis for refining -existential variables using tactics, for applying tactics to several -goals simultaneously, for reordering goals, all features which are -planned for the next release. The new proof engine forced to -reimplement {\tt info} and {\tt Show Script} differently, what was -done by Pierre Letouzey. - -Before version 8.4, {\CoqIDE} was linked to {\Coq} with the graphical -interface living in a separate thread. From version 8.4, {\CoqIDE} is a -separate process communicating with {\Coq} through a textual -channel. This allows for a more robust interfacing, the ability to -interrupt {\Coq} without interrupting the interface, and the ability to -manage several sessions in parallel. Relying on the infrastructure -work made by Vincent Gross, Pierre Letouzey, Pierre Boutillier and -Pierre-Marie P\'edrot contributed many various refinements of {\CoqIDE}. - -{\Coq} 8.4 also comes with a bunch of many various smaller-scale changes -and improvements regarding the different components of the system. - -The underlying logic has been extended with $\eta$-conversion thanks -to Hugo Herbelin, St\'ephane Glondu and Benjamin Gr\'egoire. The -addition of $\eta$-conversion is justified by the confidence that the -formulation of the Calculus of Inductive Constructions based on typed -equality (such as the one considered in Lee and Werner to build a -set-theoretic model of CIC~\cite{LeeWerner11}) is applicable to the -concrete implementation of {\Coq}. - -The underlying logic benefited also from a refinement of the guard -condition for fixpoints by Pierre Boutillier, the point being that it -is safe to propagate the information about structurally smaller -arguments through $\beta$-redexes that are blocked by the -``match'' construction (blocked commutative cuts). - -Relying on the added permissiveness of the guard condition, Hugo -Herbelin could extend the pattern-matching compilation algorithm -so that matching over a sequence of terms involving -dependencies of a term or of the indices of the type of a term in the -type of other terms is systematically supported. - -Regarding the high-level specification language, Pierre Boutillier -introduced the ability to give implicit arguments to anonymous -functions, Hugo Herbelin introduced the ability to define notations -with several binders (e.g. \verb=exists x y z, P=), Matthieu Sozeau -made the type classes inference mechanism more robust and predictable, -Enrico Tassi introduced a command {\tt Arguments} that generalizes -{\tt Implicit Arguments} and {\tt Arguments Scope} for assigning -various properties to arguments of constants. Various improvements in -the type inference algorithm were provided by Matthieu Sozeau and Hugo -Herbelin with contributions from Enrico Tassi. - -Regarding tactics, Hugo Herbelin introduced support for referring to -expressions occurring in the goal by pattern in tactics such as {\tt - set} or {\tt destruct}. Hugo Herbelin also relied on ideas from -Chung-Kil Hur's {\tt Heq} plugin to introduce automatic computation of -occurrences to generalize when using {\tt destruct} and {\tt - induction} on types with indices. St\'ephane Glondu introduced new -tactics {\tt constr\_eq}, {\tt is\_evar} and {\tt has\_evar} to be -used when writing complex tactics. Enrico Tassi added support to -fine-tuning the behavior of {\tt simpl}. Enrico Tassi added the -ability to specify over which variables of a section a lemma has -to be exactly generalized. Pierre Letouzey added a tactic {\tt - timeout} and the interruptibility of {\tt vm\_compute}. Bug fixes -and miscellaneous improvements of the tactic language came from Hugo -Herbelin, Pierre Letouzey and Matthieu Sozeau. - -Regarding decision tactics, Lo\"ic Pottier maintained {\tt Nsatz}, -moving in particular to a type-class based reification of goals while -Fr\'ed\'eric Besson maintained {\tt Micromega}, adding in particular -support for division. - -Regarding vernacular commands, St\'ephane Glondu provided new commands -to analyze the structure of type universes. - -Regarding libraries, a new library about lists of a given length -(called vectors) has been provided by Pierre Boutillier. A new -instance of finite sets based on Red-Black trees and provided by -Andrew Appel has been adapted for the standard library by Pierre -Letouzey. In the library of real analysis, Yves Bertot changed the -definition of $\pi$ and provided a proof of the long-standing fact yet -remaining unproved in this library, namely that $sin \frac{\pi}{2} = -1$. - -Pierre Corbineau maintained the Mathematical Proof Language (C-zar). - -Bruno Barras and Benjamin Gr\'egoire maintained the call-by-value -reduction machines. - -The extraction mechanism benefited from several improvements provided by -Pierre Letouzey. - -Pierre Letouzey maintained the module system, with contributions from -\'Elie Soubiran. - -Julien Forest maintained the {\tt Function} command. - -Matthieu Sozeau maintained the setoid rewriting mechanism. - -{\Coq} related tools have been upgraded too. In particular, {\tt - coq\_makefile} has been largely revised by Pierre Boutillier. Also, -patches from Adam Chlipala for {\tt coqdoc} have been integrated by -Pierre Boutillier. - -Bruno Barras and Pierre Letouzey maintained the {\tt coqchk} checker. - -Pierre Courtieu and Arnaud Spiwack contributed new features for using -{\Coq} through Proof General. - -The {\tt Dp} plugin has been removed. Use the plugin provided with -{\tt Why 3} instead (\url{http://why3.lri.fr}). - -Under the hood, the {\Coq} architecture benefited from improvements in -terms of efficiency and robustness, especially regarding universes -management and existential variables management, thanks to Pierre -Letouzey and Yann R\'egis-Gianas with contributions from St\'ephane -Glondu and Matthias Puech. The build system is maintained by Pierre -Letouzey with contributions from St\'ephane Glondu and Pierre -Boutillier. - -A new backtracking mechanism simplifying the task of external -interfaces has been designed by Pierre Letouzey. - -The general maintenance was done by Pierre Letouzey, Hugo Herbelin, -Pierre Boutillier, Matthieu Sozeau and St\'ephane Glondu with also -specific contributions from Guillaume Melquiond, Julien Narboux and -Pierre-Marie Pédrot. - -Packaging tools were provided by Pierre Letouzey (Windows), Pierre -Boutillier (MacOS), St\'ephane Glondu (Debian). Releasing, testing and -benchmarking support was provided by Jean-Marc Notin. - -Many suggestions for improvements were motivated by feedback from -users, on either the bug tracker or the coq-club mailing list. Special -thanks are going to the users who contributed patches, starting with -Tom Prince. Other patch contributors include C\'edric Auger, David -Baelde, Dan Grayson, Paolo Herms, Robbert Krebbers, Marc Lasson, -Hendrik Tews and Eelis van der Weegen. - -\begin{flushright} -Paris, December 2011\\ -Hugo Herbelin\\ -\end{flushright} - - -\section*{Credits: version 8.5} - -{\Coq} version 8.5 contains the result of five specific long-term -projects: -\begin{itemize} -\item A new asynchronous evaluation and compilation mode by Enrico - Tassi with help from Bruno Barras and Carst Tankink. -\item Full integration of the new proof engine by Arnaud Spiwack - helped by Pierre-Marie Pédrot, -\item Addition of conversion and reduction based on native compilation - by Maxime Dénès and Benjamin Grégoire. -\item Full universe polymorphism for definitions and inductive types by - Matthieu Sozeau. -\item An implementation of primitive projections with $\eta$-conversion - bringing significant performance improvements when using records by - Matthieu Sozeau. -\end{itemize} - -The full integration of the proof engine, by Arnaud Spiwack and -Pierre-Marie Pédrot, brings to primitive tactics and the user level -Ltac language dependent subgoals, deep backtracking and multiple goal -handling, along with miscellaneous features and an improved potential -for future modifications. Dependent subgoals allow statements in a -goal to mention the proof of another. Proofs of unsolved subgoals -appear as existential variables. Primitive backtracking makes it -possible to write a tactic with several possible outcomes which are -tried successively when subsequent tactics fail. Primitives are also -available to control the backtracking behavior of tactics. Multiple -goal handling paves the way for smarter automation tactics. It is -currently used for simple goal manipulation such as goal reordering. - -The way {\Coq} processes a document in batch and interactive mode has -been redesigned by Enrico Tassi with help from Bruno Barras. Opaque -proofs, the text between Proof and Qed, can be processed -asynchronously, decoupling the checking of definitions and statements -from the checking of proofs. It improves the responsiveness of -interactive development, since proofs can be processed in the -background. Similarly, compilation of a file can be split into two -phases: the first one checking only definitions and statements and the -second one checking proofs. A file resulting from the first -phase~--~with the .vio extension~--~can be already Required. All .vio -files can be turned into complete .vo files in parallel. The same -infrastructure also allows terminating tactics to be run in parallel -on a set of goals via the \verb=par:= goal selector. - -{\CoqIDE} was modified to cope with asynchronous checking of the -document. Its source code was also made separate from that of {\Coq}, so -that {\CoqIDE} no longer has a special status among user interfaces, -paving the way for decoupling its release cycle from that of {\Coq} in -the future. - -Carst Tankink developed a {\Coq} back-end for user interfaces built on -Makarius Wenzel's Prover IDE framework (PIDE), like PIDE/jEdit (with -help from Makarius Wenzel) or PIDE/Coqoon (with help from Alexander -Faithfull and Jesper Bengtson). The development of such features was -funded by the Paral-ITP French ANR project. - -The full universe polymorphism extension was designed by Matthieu -Sozeau. It conservatively extends the universes system and core calculus -with definitions and inductive declarations parameterized by universes -and constraints. It is based on a modification of the kernel architecture to -handle constraint checking only, leaving the generation of constraints -to the refinement/type inference engine. Accordingly, tactics are now -fully universe aware, resulting in more localized error messages in case -of inconsistencies and allowing higher-level algorithms like unification -to be entirely type safe. The internal representation of universes has -been modified but this is invisible to the user. - -The underlying logic has been extended with $\eta$-conversion for -records defined with primitive projections by Matthieu Sozeau. This -additional form of $\eta$-conversion is justified using the same -principle than the previously added $\eta$-conversion for function -types, based on formulations of the Calculus of Inductive Constructions -with typed equality. Primitive projections, which do not carry the -parameters of the record and are rigid names (not defined as a -pattern-matching construct), make working with nested records more -manageable in terms of time and space consumption. This extension and -universe polymorphism were carried out partly while Matthieu Sozeau was working -at the IAS in Princeton. - -The guard condition has been made compliant with extensional equality -principles such as propositional extensionality and univalence, thanks to -Maxime Dénès and Bruno Barras. To ensure compatibility with the -univalence axiom, a new flag ``-indices-matter'' has been implemented, -taking into account the universe levels of indices when computing the -levels of inductive types. This supports using {\Coq} as a tool to explore -the relations between homotopy theory and type theory. - -Maxime Dénès and Benjamin Grégoire developed an implementation of -conversion test and normal form computation using the OCaml native -compiler. It complements the virtual machine conversion offering much -faster computation for expensive functions. - -{\Coq} 8.5 also comes with a bunch of many various smaller-scale -changes and improvements regarding the different components of the -system. We shall only list a few of them. - -Pierre Boutillier developed an improved tactic for simplification of -expressions called {\tt cbn}. - -Maxime Dénès maintained the bytecode-based reduction machine. Pierre -Letouzey maintained the extraction mechanism. - -Pierre-Marie Pédrot has extended the syntax of terms to, -experimentally, allow holes in terms to be solved by a locally -specified tactic. - -Existential variables are referred to by identifiers rather than mere -numbers, thanks to Hugo Herbelin who also improved the tactic language -here and there. - -Error messages for universe inconsistencies have been improved by -Matthieu Sozeau. Error messages for unification and type inference -failures have been improved by Hugo Herbelin, Pierre-Marie Pédrot and -Arnaud Spiwack. - -Pierre Courtieu contributed new features for using {\Coq} through Proof -General and for better interactive experience (bullets, Search, etc). - -The efficiency of the whole system has been significantly improved -thanks to contributions from Pierre-Marie Pédrot. - -A distribution channel for {\Coq} packages using the OPAM tool has -been initiated by Thomas Braibant and developed by Guillaume Claret, -with contributions by Enrico Tassi and feedback from Hugo Herbelin. - -Packaging tools were provided by Pierre Letouzey and Enrico Tassi -(Windows), Pierre Boutillier, Matthieu Sozeau and Maxime Dénès (MacOS -X). Maxime Dénès improved significantly the testing and benchmarking -support. - -Many power users helped to improve the design of the new features via -the bug tracker, the coq development mailing list or the coq-club -mailing list. Special thanks are going to the users who contributed -patches and intensive brain-storming, starting with Jason Gross, -Jonathan Leivent, Greg Malecha, Clément Pit-Claudel, Marc Lasson, -Lionel Rieg. It would however be impossible to mention with precision -all names of people who to some extent influenced the development. - -Version 8.5 is one of the most important release of {\Coq}. Its -development spanned over about 3 years and a half with about one year -of beta-testing. General maintenance during part or whole of this -period has been done by Pierre Boutillier, Pierre Courtieu, Maxime -Dénès, Hugo Herbelin, Pierre Letouzey, Guillaume Melquiond, -Pierre-Marie Pédrot, Matthieu Sozeau, Arnaud Spiwack, Enrico Tassi as -well as Bruno Barras, Yves Bertot, Frédéric Besson, Xavier Clerc, -Pierre Corbineau, Jean-Christophe Filliâtre, Julien Forest, Sébastien -Hinderer, Assia Mahboubi, Jean-Marc Notin, Yann Régis-Gianas, François -Ripault, Carst Tankink. Maxime Dénès coordinated the release process. - -\begin{flushright} -Paris, January 2015, revised December 2015,\\ -Hugo Herbelin, Matthieu Sozeau and the {\Coq} development team\\ -\end{flushright} - -\section*{Credits: version 8.6} - -{\Coq} version 8.6 contains the result of refinements, stabilization of -8.5's features and cleanups of the internals of the system. Over the -year of (now time-based) development, about 450 bugs were resolved and -over 100 contributions integrated. The main user visible changes are: -\begin{itemize} -\item A new, faster state-of-the-art universe constraint checker, by - Jacques-Henri Jourdan. -\item In CoqIDE and other asynchronous interfaces, more fine-grained - asynchronous processing and error reporting by Enrico Tassi, making {\Coq} - capable of recovering from errors and continue processing the document. -\item More access to the proof engine features from Ltac: goal - management primitives, range selectors and a {\tt typeclasses - eauto} engine handling multiple goals and multiple successes, by - Cyprien Mangin, Matthieu Sozeau and Arnaud Spiwack. -\item Tactic behavior uniformization and specification, generalization - of intro-patterns by Hugo Herbelin and others. -\item A brand new warning system allowing to control warnings, turn them - into errors or ignore them selectively by Maxime Dénès, Guillaume - Melquiond, Pierre-Marie Pédrot and others. -\item Irrefutable patterns in abstractions, by Daniel de Rauglaudre. -\item The {\tt ssreflect} subterm selection algorithm by Georges Gonthier and - Enrico Tassi is now accessible to tactic writers through the {\tt ssrmatching} - plugin. -\item Integration of {\tt LtacProf}, a profiler for {\tt Ltac} by Jason - Gross, Paul Steckler, Enrico Tassi and Tobias Tebbi. -\end{itemize} - -{\Coq} 8.6 also comes with a bunch of smaller-scale changes and -improvements regarding the different components of the system. We shall -only list a few of them. - -The {\tt iota} reduction flag is now a shorthand for {\tt match}, {\tt - fix} and {\tt cofix} flags controlling the corresponding reduction -rules (by Hugo Herbelin and Maxime Dénès). - -Maxime Dénès maintained the native compilation machinery. - -Pierre-Marie Pédrot separated the Ltac code from general purpose -tactics, and generalized and rationalized the handling of generic -arguments, allowing to create new versions of Ltac more easily in the -future. - -In patterns and terms, {\tt @}, abbreviations and notations are now -interpreted the same way, by Hugo Herbelin. - -Name handling for universes has been improved by Pierre-Marie Pédrot and -Matthieu Sozeau. The minimization algorithm has been improved by -Matthieu Sozeau. - -The unifier has been improved by Hugo Herbelin and Matthieu Sozeau, -fixing some incompatibilities introduced in Coq 8.5. Unification -constraints can now be left floating around and be seen by the user -thanks to a new option. The {\tt Keyed Unification} mode has been -improved by Matthieu Sozeau. - -The typeclass resolution engine and associated proof-search tactic have -been reimplemented on top of the proof-engine monad, providing better -integration in tactics, and new options have been introduced to control -it, by Matthieu Sozeau with help from Théo Zimmermann. - -The efficiency of the whole system has been significantly improved -thanks to contributions from Pierre-Marie Pédrot, Maxime Dénès and -Matthieu Sozeau and performance issue tracking by Jason Gross and Paul -Steckler. - -Standard library improvements by Jason Gross, Sébastien Hinderer, Pierre -Letouzey and others. - -Emilio Jesús Gallego Arias contributed many cleanups and refactorings of -the pretty-printing and user interface communication components. - -Frédéric Besson maintained the micromega tactic. - -The OPAM repository for {\Coq} packages has been maintained by Guillaume -Claret, Guillaume Melquiond, Matthieu Sozeau, Enrico Tassi and others. A -list of packages is now available at \url{https://coq.inria.fr/opam/www/}. - -Packaging tools and software development kits were prepared by Michael -Soegtrop with the help of Maxime Dénès and Enrico Tassi for Windows, and -Maxime Dénès and Matthieu Sozeau for MacOS X. Packages are now regularly -built on the continuous integration server. {\Coq} now comes with a {\tt - META} file usable with {\tt ocamlfind}, contributed by Emilio Jesús -Gallego Arias, Gregory Malecha, and Matthieu Sozeau. - -Matej Košík maintained and greatly improved the continuous integration -setup and the testing of {\Coq} contributions. He also contributed many -API improvement and code cleanups throughout the system. - -The contributors for this version are Bruno Barras, C.J. Bell, Yves -Bertot, Frédéric Besson, Pierre Boutillier, Tej Chajed, Guillaume -Claret, Xavier Clerc, Pierre Corbineau, Pierre Courtieu, Maxime Dénès, -Ricky Elrod, Emilio Jesús Gallego Arias, Jason Gross, Hugo Herbelin, -Sébastien Hinderer, Jacques-Henri Jourdan, Matej Kosik, Xavier Leroy, -Pierre Letouzey, Gregory Malecha, Cyprien Mangin, Erik Martin-Dorel, -Guillaume Melquiond, Clément Pit--Claudel, Pierre-Marie Pédrot, Daniel -de Rauglaudre, Lionel Rieg, Gabriel Scherer, Thomas Sibut-Pinote, -Matthieu Sozeau, Arnaud Spiwack, Paul Steckler, Enrico Tassi, Laurent -Théry, Nickolai Zeldovich and Théo Zimmermann. The development process -was coordinated by Hugo Herbelin and Matthieu Sozeau with the help of -Maxime Dénès, who was also in charge of the release process. - -Many power users helped to improve the design of the new features via -the bug tracker, the pull request system, the {\Coq} development mailing -list or the coq-club mailing list. Special thanks to the users who -contributed patches and intensive brain-storming and code reviews, -starting with Cyril Cohen, Jason Gross, Robbert Krebbers, Jonathan -Leivent, Xavier Leroy, Gregory Malecha, Clément Pit--Claudel, Gabriel -Scherer and Beta Ziliani. It would however be impossible to mention -exhaustively the names of everybody who to some extent influenced the -development. - -Version 8.6 is the first release of {\Coq} developed on a time-based -development cycle. Its development spanned 10 months from the release of -{\Coq} 8.5 and was based on a public roadmap. To date, it contains more -external contributions than any previous {\Coq} system. Code reviews -were systematically done before integration of new features, with an -important focus given to compatibility and performance issues, resulting -in a hopefully more robust release than {\Coq} 8.5. - -Coq Enhancement Proposals (CEPs for short) were introduced by Enrico -Tassi to provide more visibility and a discussion period on new -features, they are publicly available \url{https://github.com/coq/ceps}. - -Started during this period, an effort is led by Yves Bertot and Maxime -Dénès to put together a {\Coq} consortium. - -\begin{flushright} -Paris, November 2016,\\ -Matthieu Sozeau and the {\Coq} development team\\ -\end{flushright} - -\section*{Credits: version 8.7} - -{\Coq} version 8.7 contains the result of refinements, stabilization of -features and cleanups of the internals of the system along with a few -new features. The main user visible changes are: -\begin{itemize} -\item New tactics: variants of tactics supporting existential variables - \texttt{eassert}, \texttt{eenough}, etc... by Hugo Herbelin. Tactics - \texttt{extensionality in H} and \texttt{inversion\_sigma} by Jason - Gross, \texttt{specialize with ...} accepting partial bindings by - Pierre Courtieu. -\item Cumulative Polymorphic Inductive Types, allowing cumulativity of - universes to go through applied inductive types, by Amin Timany and - Matthieu Sozeau. -\item Integration of the \texttt{SSReflect} plugin and its documentation in the - reference manual, by Enrico Tassi, Assia Mahboubi and Maxime Dénès. -\item The \texttt{coq\_makefile} tool was completely redesigned to improve its - maintainability and the extensibility of generated Makefiles, and to - make \texttt{\_CoqProject} files more palatable to IDEs by Enrico Tassi. -\end{itemize} - -{\Coq} 8.7 involved a large amount of work on cleaning and speeding up -the code base, notably the work of Pierre-Marie Pédrot on making the -tactic-level system insensitive to existential variable expansion, -providing a safer API to plugin writers and making the code more -robust. The \texttt{dev/doc/changes.txt} file documents the numerous -changes to the implementation and improvements of interfaces. An effort -to provide an official, streamlined API to plugin writers is in -progress, thanks to the work of Matej Košík. - -Version 8.7 also comes with a bunch of smaller-scale changes and improvements -regarding the different components of the system. We shall only list a -few of them. - -The efficiency of the whole system has been significantly improved -thanks to contributions from Pierre-Marie Pédrot, Maxime Dénès and -Matthieu Sozeau and performance issue tracking by Jason Gross and Paul -Steckler. - -Thomas Sibut-Pinote and Hugo Herbelin added support for side effects -hooks in \texttt{cbv}, \texttt{cbn} and \texttt{simpl}. The side -effects are provided via a plugin available at -\url{https://github.com/herbelin/reduction-effects/}. - -The \texttt{BigN}, \texttt{BigZ}, \texttt{BigQ} libraries are no longer -part of the {\Coq} standard library, they are now provided by a separate -repository \url{https://github.com/coq/bignums}, maintained by Pierre -Letouzey. - -In the \texttt{Reals} library, \texttt{IZR} has been changed to produce -a compact representation of integers and real constants are now -represented using \texttt{IZR} (work by Guillaume Melquiond). - -Standard library additions and improvements by Jason Gross, Pierre -Letouzey and others, documented in the CHANGES file. - -The mathematical proof language/declarative mode plugin was removed from -the archive. - -The OPAM repository for {\Coq} packages has been maintained by Guillaume -Melquiond, Matthieu Sozeau, Enrico Tassi with contributions from many -users. A list of packages is available at -\url{https://coq.inria.fr/opam/www/}. - -Packaging tools and software development kits were prepared by Michael -Soegtrop with the help of Maxime Dénès and Enrico Tassi for Windows, and -Maxime Dénès for MacOS X. Packages are regularly built on the -Travis continuous integration server. - -The contributors for this version are Abhishek Anand, C.J. Bell, Yves -Bertot, Frédéric Besson, Tej Chajed, Pierre Courtieu, Maxime Dénès, -Julien Forest, Gaëtan Gilbert, Jason Gross, Hugo Herbelin, Emilio Jesús -Gallego Arias, Ralf Jung, Matej Košík, Xavier Leroy, Pierre Letouzey, -Assia Mahboubi, Cyprien Mangin, Erik Martin-Dorel, Olivier Marty, -Guillaume Melquiond, Sam Pablo Kuper, Benjamin Pierce, Pierre-Marie -Pédrot, Lars Rasmusson, Lionel Rieg, Valentin Robert, Yann Régis-Gianas, -Thomas Sibut-Pinote, Michael Soegtrop, Matthieu Sozeau, Arnaud Spiwack, -Paul Steckler, George Stelle, Pierre-Yves Strub, Enrico Tassi, Hendrik -Tews, Amin Timany, Laurent Théry, Vadim Zaliva and Théo Zimmermann. - -The development process was coordinated by Matthieu Sozeau with the help -of Maxime Dénès, who was also in charge of the release process. Théo -Zimmermann is the maintainer of this release. - -Many power users helped to improve the design of the new features via -the bug tracker, the pull request system, the {\Coq} development mailing -list or the coq-club mailing list. Special thanks to the users who -contributed patches and intensive brain-storming and code reviews, -starting with Jason Gross, Ralf Jung, Robbert Krebbers, Xavier Leroy, -Clément Pit--Claudel and Gabriel Scherer. It would however be impossible -to mention exhaustively the names of everybody who to some extent -influenced the development. - -Version 8.7 is the second release of {\Coq} developed on a time-based -development cycle. Its development spanned 9 months from the release of -{\Coq} 8.6 and was based on a public road-map. It attracted many external -contributions. Code reviews and continuous integration testing were -systematically used before integration of new features, with an -important focus given to compatibility and performance issues, resulting -in a hopefully more robust release than {\Coq} 8.6 while maintaining -compatibility. - -Coq Enhancement Proposals (CEPs for short) and open pull-requests -discussions were used to discuss publicly the new features. - -The {\Coq} consortium, an organization directed towards users and -supporters of the system, is now upcoming and will rely on Inria's -newly created Foundation. - -\begin{flushright} -Paris, August 2017,\\ -Matthieu Sozeau and the {\Coq} development team\\ -\end{flushright} - - -%new Makefile - -%\newpage - -% Integration of ZArith lemmas from Sophia and Nijmegen. - - -% $Id$ - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/RefMan-pro.tex b/doc/refman/RefMan-pro.tex index 6b24fdde79..bd74a40d7c 100644 --- a/doc/refman/RefMan-pro.tex +++ b/doc/refman/RefMan-pro.tex @@ -298,15 +298,19 @@ subgoals which clutter your screen. \begin{Variant} \item {\tt Focus {\num}.}\\ This focuses the attention on the $\num^{th}$ subgoal to prove. - \end{Variant} +\emph{This command is deprecated since 8.8: prefer the use of bullets or + focusing brackets instead, including {\tt {\num}: \{}}. + \subsection[\tt Unfocus.]{\tt Unfocus.\comindex{Unfocus}} This command restores to focus the goal that were suspended by the last {\tt Focus} command. +\emph{This command is deprecated since 8.8.} + \subsection[\tt Unfocused.]{\tt Unfocused.\comindex{Unfocused}} -Succeeds in the proof is fully unfocused, fails is there are some +Succeeds in the proof if fully unfocused, fails if there are some goals out of focus. \subsection[\tt \{ \textrm{and} \}]{\tt \{ \textrm{and} \}\comindex{\{}\comindex{\}}}\label{curlybacket} diff --git a/doc/refman/RefMan-sch.tex b/doc/refman/RefMan-sch.tex deleted file mode 100644 index 30724759d2..0000000000 --- a/doc/refman/RefMan-sch.tex +++ /dev/null @@ -1,446 +0,0 @@ -\chapter{Proof schemes} -%HEVEA\cutname{schemes.html} - -\section{Generation of induction principles with {\tt Scheme}} -\label{Scheme} -\index{Schemes} -\comindex{Scheme} - -The {\tt Scheme} command is a high-level tool for generating -automatically (possibly mutual) induction principles for given types -and sorts. Its syntax follows the schema: -\begin{quote} -{\tt Scheme {\ident$_1$} := Induction for \ident'$_1$ Sort {\sort$_1$} \\ - with\\ - \mbox{}\hspace{0.1cm} \dots\\ - with {\ident$_m$} := Induction for {\ident'$_m$} Sort - {\sort$_m$}} -\end{quote} -where \ident'$_1$ \dots\ \ident'$_m$ are different inductive type -identifiers belonging to the same package of mutual inductive -definitions. This command generates {\ident$_1$}\dots{} {\ident$_m$} -to be mutually recursive definitions. Each term {\ident$_i$} proves a -general principle of mutual induction for objects in type {\term$_i$}. - -\begin{Variants} -\item {\tt Scheme {\ident$_1$} := Minimality for \ident'$_1$ Sort {\sort$_1$} \\ - with\\ - \mbox{}\hspace{0.1cm} \dots\ \\ - with {\ident$_m$} := Minimality for {\ident'$_m$} Sort - {\sort$_m$}} - - Same as before but defines a non-dependent elimination principle more - natural in case of inductively defined relations. - -\item {\tt Scheme Equality for \ident$_1$\comindex{Scheme Equality}} - - Tries to generate a Boolean equality and a proof of the - decidability of the usual equality. If \ident$_i$ involves - some other inductive types, their equality has to be defined first. - -\item {\tt Scheme Induction for \ident$_1$ Sort {\sort$_1$} \\ - with\\ - \mbox{}\hspace{0.1cm} \dots\\ - with Induction for {\ident$_m$} Sort - {\sort$_m$}} - - If you do not provide the name of the schemes, they will be automatically - computed from the sorts involved (works also with Minimality). - -\end{Variants} -\label{Scheme-examples} - -\firstexample -\example{Induction scheme for \texttt{tree} and \texttt{forest}} - -The definition of principle of mutual induction for {\tt tree} and -{\tt forest} over the sort {\tt Set} is defined by the command: - -\begin{coq_eval} -Reset Initial. -Variables A B : Set. -\end{coq_eval} - -\begin{coq_example*} -Inductive tree : Set := - node : A -> forest -> tree -with forest : Set := - | leaf : B -> forest - | cons : tree -> forest -> forest. - -Scheme tree_forest_rec := Induction for tree Sort Set - with forest_tree_rec := Induction for forest Sort Set. -\end{coq_example*} - -You may now look at the type of {\tt tree\_forest\_rec}: - -\begin{coq_example} -Check tree_forest_rec. -\end{coq_example} - -This principle involves two different predicates for {\tt trees} and -{\tt forests}; it also has three premises each one corresponding to a -constructor of one of the inductive definitions. - -The principle {\tt forest\_tree\_rec} shares exactly the same -premises, only the conclusion now refers to the property of forests. - -\begin{coq_example} -Check forest_tree_rec. -\end{coq_example} - -\example{Predicates {\tt odd} and {\tt even} on naturals} - -Let {\tt odd} and {\tt even} be inductively defined as: - -% Reset Initial. -\begin{coq_eval} -Open Scope nat_scope. -\end{coq_eval} - -\begin{coq_example*} -Inductive odd : nat -> Prop := - oddS : forall n:nat, even n -> odd (S n) -with even : nat -> Prop := - | evenO : even 0 - | evenS : forall n:nat, odd n -> even (S n). -\end{coq_example*} - -The following command generates a powerful elimination -principle: - -\begin{coq_example} -Scheme odd_even := Minimality for odd Sort Prop - with even_odd := Minimality for even Sort Prop. -\end{coq_example} - -The type of {\tt odd\_even} for instance will be: - -\begin{coq_example} -Check odd_even. -\end{coq_example} - -The type of {\tt even\_odd} shares the same premises but the -conclusion is {\tt (n:nat)(even n)->(Q n)}. - -\subsection{Automatic declaration of schemes -\optindex{Boolean Equality Schemes} -\optindex{Elimination Schemes} -\optindex{Nonrecursive Elimination Schemes} -\optindex{Record Elimination Schemes} -\optindex{Case Analysis Schemes} -\optindex{Decidable Equality Schemes} -\optindex{Rewriting Schemes} -\label{set-nonrecursive-elimination-schemes} -} - -It is possible to deactivate the automatic declaration of the induction - principles when defining a new inductive type with the - {\tt Unset Elimination Schemes} command. It may be -reactivated at any time with {\tt Set Elimination Schemes}. - -The types declared with the keywords {\tt Variant} (see~\ref{Variant}) -and {\tt Record} (see~\ref{Record}) do not have an automatic -declaration of the induction principles. It can be activated with the -command {\tt Set Nonrecursive Elimination Schemes}. It can be -deactivated again with {\tt Unset Nonrecursive Elimination Schemes}. -{\tt Record Elimination Schemes} is a deprecated alias of {\tt Nonrecursive Elimination Schemes}. - -In addition, the {\tt Case Analysis Schemes} flag governs the generation of -case analysis lemmas for inductive types, i.e. corresponding to the -pattern-matching term alone and without fixpoint. -\\ - -You can also activate the automatic declaration of those Boolean equalities -(see the second variant of {\tt Scheme}) -with respectively the commands {\tt Set Boolean Equality Schemes} and -{\tt Set Decidable Equality Schemes}. -However you have to be careful with this option since -\Coq~ may now reject well-defined inductive types because it cannot compute -a Boolean equality for them. - -The {\tt Rewriting Schemes} flag governs generation of equality -related schemes such as congruence. - -\subsection{\tt Combined Scheme} -\label{CombinedScheme} -\comindex{Combined Scheme} - -The {\tt Combined Scheme} command is a tool for combining -induction principles generated by the {\tt Scheme} command. -Its syntax follows the schema : -\begin{quote} -{\tt Combined Scheme {\ident$_0$} from {\ident$_1$}, .., {\ident$_n$}} -\end{quote} -where -\ident$_1$ \ldots \ident$_n$ are different inductive principles that must belong to -the same package of mutual inductive principle definitions. This command -generates {\ident$_0$} to be the conjunction of the principles: it is -built from the common premises of the principles and concluded by the -conjunction of their conclusions. - -\Example -We can define the induction principles for trees and forests using: -\begin{coq_example} -Scheme tree_forest_ind := Induction for tree Sort Prop - with forest_tree_ind := Induction for forest Sort Prop. -\end{coq_example} - -Then we can build the combined induction principle which gives the -conjunction of the conclusions of each individual principle: -\begin{coq_example} -Combined Scheme tree_forest_mutind from tree_forest_ind, forest_tree_ind. -\end{coq_example} - -The type of {\tt tree\_forest\_mutrec} will be: -\begin{coq_example} -Check tree_forest_mutind. -\end{coq_example} - -\section{Generation of induction principles with {\tt Functional Scheme}} -\label{FunScheme} -\comindex{Functional Scheme} - -The {\tt Functional Scheme} command is a high-level experimental -tool for generating automatically induction principles -corresponding to (possibly mutually recursive) functions. -First, it must be made available via {\tt Require Import FunInd}. - Its -syntax then follows the schema: -\begin{quote} -{\tt Functional Scheme {\ident$_1$} := Induction for \ident'$_1$ Sort {\sort$_1$} \\ - with\\ - \mbox{}\hspace{0.1cm} \dots\ \\ - with {\ident$_m$} := Induction for {\ident'$_m$} Sort - {\sort$_m$}} -\end{quote} -where \ident'$_1$ \dots\ \ident'$_m$ are different mutually defined function -names (they must be in the same order as when they were defined). -This command generates the induction principles -\ident$_1$\dots\ident$_m$, following the recursive structure and case -analyses of the functions \ident'$_1$ \dots\ \ident'$_m$. - -\Rem -There is a difference between obtaining an induction scheme by using -\texttt{Functional Scheme} on a function defined by \texttt{Function} -or not. Indeed \texttt{Function} generally produces smaller -principles, closer to the definition written by the user. - -\firstexample -\example{Induction scheme for \texttt{div2}} -\label{FunScheme-examples} - -We define the function \texttt{div2} as follows: - -\begin{coq_eval} -Reset Initial. -Require Import FunInd. -\end{coq_eval} - -\begin{coq_example*} -Require Import Arith. -Fixpoint div2 (n:nat) : nat := - match n with - | O => 0 - | S O => 0 - | S (S n') => S (div2 n') - end. -\end{coq_example*} - -The definition of a principle of induction corresponding to the -recursive structure of \texttt{div2} is defined by the command: - -\begin{coq_example} -Functional Scheme div2_ind := Induction for div2 Sort Prop. -\end{coq_example} - -You may now look at the type of {\tt div2\_ind}: - -\begin{coq_example} -Check div2_ind. -\end{coq_example} - -We can now prove the following lemma using this principle: - -\begin{coq_example*} -Lemma div2_le' : forall n:nat, div2 n <= n. -intro n. - pattern n , (div2 n). -\end{coq_example*} - -\begin{coq_example} -apply div2_ind; intros. -\end{coq_example} - -\begin{coq_example*} -auto with arith. -auto with arith. -simpl; auto with arith. -Qed. -\end{coq_example*} - -We can use directly the \texttt{functional induction} -(\ref{FunInduction}) tactic instead of the pattern/apply trick: -\tacindex{functional induction} - -\begin{coq_example*} -Reset div2_le'. -Lemma div2_le : forall n:nat, div2 n <= n. -intro n. -\end{coq_example*} - -\begin{coq_example} -functional induction (div2 n). -\end{coq_example} - -\begin{coq_example*} -auto with arith. -auto with arith. -auto with arith. -Qed. -\end{coq_example*} - -\Rem There is a difference between obtaining an induction scheme for a -function by using \texttt{Function} (see Section~\ref{Function}) and by -using \texttt{Functional Scheme} after a normal definition using -\texttt{Fixpoint} or \texttt{Definition}. See \ref{Function} for -details. - - -\example{Induction scheme for \texttt{tree\_size}} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -We define trees by the following mutual inductive type: - -\begin{coq_example*} -Variable A : Set. -Inductive tree : Set := - node : A -> forest -> tree -with forest : Set := - | empty : forest - | cons : tree -> forest -> forest. -\end{coq_example*} - -We define the function \texttt{tree\_size} that computes the size -of a tree or a forest. Note that we use \texttt{Function} which -generally produces better principles. - -\begin{coq_example*} -Require Import FunInd. -Function tree_size (t:tree) : nat := - match t with - | node A f => S (forest_size f) - end - with forest_size (f:forest) : nat := - match f with - | empty => 0 - | cons t f' => (tree_size t + forest_size f') - end. -\end{coq_example*} - -\Rem \texttt{Function} generates itself non mutual induction -principles {\tt tree\_size\_ind} and {\tt forest\_size\_ind}: - -\begin{coq_example} -Check tree_size_ind. -\end{coq_example} - -The definition of mutual induction principles following the recursive -structure of \texttt{tree\_size} and \texttt{forest\_size} is defined -by the command: - -\begin{coq_example*} -Functional Scheme tree_size_ind2 := Induction for tree_size Sort Prop -with forest_size_ind2 := Induction for forest_size Sort Prop. -\end{coq_example*} - -You may now look at the type of {\tt tree\_size\_ind2}: - -\begin{coq_example} -Check tree_size_ind2. -\end{coq_example} - -\section{Generation of inversion principles with \tt Derive Inversion} -\label{Derive-Inversion} -\comindex{Derive Inversion} - -The syntax of {\tt Derive Inversion} follows the schema: -\begin{quote} -{\tt Derive Inversion {\ident} with forall - $(\vec{x} : \vec{T})$, $I~\vec{t}$ Sort \sort} -\end{quote} - -This command generates an inversion principle for the -\texttt{inversion \dots\ using} tactic. -\tacindex{inversion \dots\ using} -Let $I$ be an inductive predicate and $\vec{x}$ the variables -occurring in $\vec{t}$. This command generates and stocks the -inversion lemma for the sort \sort~ corresponding to the instance -$\forall (\vec{x}:\vec{T}), I~\vec{t}$ with the name {\ident} in the {\bf -global} environment. When applied, it is equivalent to having inverted -the instance with the tactic {\tt inversion}. - -\begin{Variants} -\item \texttt{Derive Inversion\_clear {\ident} with forall - $(\vec{x}:\vec{T})$, $I~\vec{t}$ Sort \sort}\\ - \comindex{Derive Inversion\_clear} - When applied, it is equivalent to having - inverted the instance with the tactic \texttt{inversion} - replaced by the tactic \texttt{inversion\_clear}. -\item \texttt{Derive Dependent Inversion {\ident} with forall - $(\vec{x}:\vec{T})$, $I~\vec{t}$ Sort \sort}\\ - \comindex{Derive Dependent Inversion} - When applied, it is equivalent to having - inverted the instance with the tactic \texttt{dependent inversion}. -\item \texttt{Derive Dependent Inversion\_clear {\ident} with forall - $(\vec{x}:\vec{T})$, $I~\vec{t}$ Sort \sort}\\ - \comindex{Derive Dependent Inversion\_clear} - When applied, it is equivalent to having - inverted the instance with the tactic \texttt{dependent inversion\_clear}. -\end{Variants} - -\Example - -Let us consider the relation \texttt{Le} over natural numbers and the -following variable: - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\begin{coq_example*} -Inductive Le : nat -> nat -> Set := - | LeO : forall n:nat, Le 0 n - | LeS : forall n m:nat, Le n m -> Le (S n) (S m). -Variable P : nat -> nat -> Prop. -\end{coq_example*} - -To generate the inversion lemma for the instance -\texttt{(Le (S n) m)} and the sort \texttt{Prop}, we do: - -\begin{coq_example*} -Derive Inversion_clear leminv with (forall n m:nat, Le (S n) m) Sort Prop. -\end{coq_example*} - -\begin{coq_example} -Check leminv. -\end{coq_example} - -Then we can use the proven inversion lemma: - -\begin{coq_eval} -Lemma ex : forall n m:nat, Le (S n) m -> P n m. -intros. -\end{coq_eval} - -\begin{coq_example} -Show. -\end{coq_example} - -\begin{coq_example} -inversion H using leminv. -\end{coq_example} - diff --git a/doc/refman/RefMan-ssr.tex b/doc/refman/RefMan-ssr.tex deleted file mode 100644 index 31dabcdd4e..0000000000 --- a/doc/refman/RefMan-ssr.tex +++ /dev/null @@ -1,4933 +0,0 @@ -\achapter{The SSReflect proof language} -%HEVEA\cutname{ssreflect.html} -\aauthor{Georges Gonthier, Assia Mahboubi, Enrico Tassi} - -\newcommand{\ssr}{{\sc SSReflect}} - -% listing -\ifhevea\newcommand{\ssrC}[1]{\texttt{#1}}\else\newcommand{\ssrC}[1]{\text{\lstinline!#1!}}\fi -\ifhevea\renewenvironment{center}{\@open{div}{class="center"}\@open{div}{class="centered"}}{\@close{div}\@close{div}}\fi -% non-terminal -%\newcommand\ssrN[2][]{\ensuremath{\langle\mbox{\itshape\rmfamily\small #2}\rangle_{#1}}} -\newcommand\ssrN[2][]{{\textsl {#2}}\ensuremath{_{#1}}} -\ifhevea\newcommand{\underbar}[1]{\underline{#1}}\fi - -% TODO: only use \ssrC -\let\ssrL=\lstinline - -\newcommand{\iitem}{{\it i-item}} -\newcommand{\ditem}{{\it d-item}} -\newcommand{\optional}[1]{{\it[}#1{\it]}} -\newcommand{\optsep}{{\it|}} -\newcommand{\idx}[1]{\tacindex{#1 (ssreflect)}} -\newcommand{\idxC}[1]{\comindex{#1 (ssreflect)}} - -\newenvironment{new}% - {\begin{Sbox}\begin{minipage}{0.97\textwidth}% - \begin{flushright}\textcolor{red}{\fbox{Version 1.3}}% - \end{flushright}\noindent}% - {\end{minipage}\end{Sbox}\noindent\doublebox{\TheSbox}} -\section{Introduction}\label{sec:intro} - -This chapter describes a set of tactics known as \ssr{} -originally designed to provide support for the so-called \emph{small scale -reflection} proof methodology. Despite the original purpose this set of tactic -is of general interest and is available in Coq starting from version 8.7. - -\ssr{} was developed independently of the tactics described in -Chapter~\ref{Tactics}. Indeed the scope of the tactics part of -\ssr{} largely overlaps with the standard set of tactics. Eventually -the overlap will be reduced in future releases of Coq. - -Proofs written in \ssr{} typically look quite different from the -ones written using only tactics as per Chapter~\ref{Tactics}. -We try to summarise here the most ``visible'' ones in order to -help the reader already accustomed to the tactics described in -Chapter~\ref{Tactics} to read this chapter. - -The first difference between the tactics described in this -chapter and the tactics described in Chapter~\ref{Tactics} is the way -hypotheses are managed (we call this \emph{bookkeeping}). -In Chapter~\ref{Tactics} the most common -approach is to avoid moving explicitly hypotheses back and forth -between the context and the conclusion of the goal. On the contrary -in \ssr{} -all bookkeeping is performed on the conclusion of the goal, using for -that purpose a couple of syntactic constructions behaving similar to -tacticals (and often named as such in this chapter). -The \ssrC{:} tactical moves hypotheses from the context to the -conclusion, while \ssrC{=>} moves hypotheses from the -conclusion to the context, and \ssrC{in} moves back -and forth an hypothesis from the context to the conclusion for the -time of applying an action to it. - -While naming hypotheses is commonly done by means of an \ssrC{as} -clause in the basic model of Chapter~\ref{Tactics}, it is here to -\ssrC{=>} that this task is devoted. As tactics leave -new assumptions in the conclusion, and are often followed by -\ssrC{=>} to explicitly name them. -While generalizing the goal is normally -not explicitly needed in Chapter~\ref{Tactics}, it is an explicit -operation performed by \ssrC{:}. - -Beside the difference of bookkeeping model, this chapter includes -specific tactics which have no explicit counterpart in -Chapter~\ref{Tactics} such as tactics to mix forward steps and -generalizations as \ssrC{generally have} or \ssrC{without loss}. - -\ssr{} adopts the point of view that rewriting, definition -expansion and partial evaluation participate all to a same concept of -rewriting a goal in a larger sense. As such, all these functionalities are -provided by the \ssrC{rewrite} tactic. - -\ssr{} includes a little language of patterns to select subterms in tactics -or tacticals where it matters. Its most notable application -is in the \ssrC{rewrite} tactic, where patterns are used to specify -where the rewriting step has to take place. - -Finally, \ssr{} supports so-called reflection steps, typically -allowing to switch back and forth between the computational view and -logical view of a concept. - -To conclude it is worth mentioning that \ssr{} tactics -can be mixed with non \ssr{} tactics in the same proof, -or in the same Ltac expression. The few exceptions -to this statement are described in section~\ref{sec:compat}. - -\iffalse -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection*{How to read this documentation} - -The syntax of the tactics is presented as follows: -\begin{itemize} -\item \ssrC{terminals} are in typewriter font and \ssrN{non terminals} are - between angle brackets. -\item Optional parts of the grammar are surrounded by \optional{ } - brackets. These should not be confused with verbatim brackets - \ssrC{[ ]}, which are delimiters in the \ssr{} syntax. -\item A vertical rule {\optsep} indicates an alternative in the syntax, and - should not be confused with a - verbatim vertical rule between verbatim brackets \ssrC{[ | ]}. -\item A non empty list of non terminals (at least one item should be - present) is represented by \ssrN{non terminals}$^+$. A possibly empty - one is represented by \ssrN{non terminals}$^*$. -\item In a non empty list of non terminals, items are separated by blanks. -\end{itemize} -\fi - -% Hevea has no colors -\ifhevea \else -\noindent We follow the default color scheme of the \ssr{} mode for -ProofGeneral provided in the distribution: - -\centerline{ -\textcolor{dkblue}{\texttt{tactic}} or \textcolor{dkviolet}{\tt - Command} or \textcolor{dkgreen}{\tt keyword} or -\textcolor{dkpink}{\tt tactical}} - -\noindent Closing tactics/tacticals like \ssrC{exact} or \ssrC{by} (see section -\ref{ssec:termin}) are in red. -\fi - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection*{Acknowledgments} -The authors would like to thank Frédéric Blanqui, François Pottier -and Laurence Rideau for their comments and suggestions. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\newpage\section{Usage} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Getting started}\label{sec:files} -To be available, the tactics presented in this manual need the -following minimal set of libraries to loaded: {\tt ssreflect.v}, {\tt -ssrfun.v} and {\tt ssrbool.v}. Moreover, these tactics come with a -methodology specific to the authors of Ssreflect and which requires a -few options to be set in a different way than in their default -way. All in all, this corresponds to working in the following context: - -\begin{lstlisting} - From Coq Require Import ssreflect ssrfun ssrbool. - Set Implicit Arguments. - Unset Strict Implicit. - Unset Printing Implicit Defensive. -\end{lstlisting} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Compatibility issues}\label{sec:compat} -Requiring the above modules creates an environment which -is mostly compatible with the rest of \Coq{}, up to a few discrepancies: -\begin{itemize} -\item New keywords (\ssrC{is}) might clash with variable, constant, -tactic or tactical names, or with quasi-keywords in tactic or -vernacular notations. -\item New tactic(al)s names (\ssrC{last}, \ssrC{done}, \ssrC{have}, - \ssrC{suffices}, \ssrC{suff}, - \ssrC{without loss}, \ssrC{wlog}, \ssrC{congr}, \ssrC{unlock}) might clash - with user tactic names. -\item Identifiers with both leading and trailing \ssrC{_}, such as \ssrC{_x_}, -are reserved by \ssr{} and cannot appear in scripts. -\item The extensions to the \ssrC{rewrite} tactic are partly -incompatible with those available in current versions of \Coq{}; -in particular: -\ssrC{rewrite .. in (type of k)} or \\ \ssrC{rewrite .. in *} or any other -variant of \ssrC{rewrite} will not work, and the \ssr{} syntax and semantics for occurrence selection and -rule chaining is different. - -Use an explicit rewrite direction (\ssrC{rewrite <-} $\dots$ or \ssrC{rewrite ->} $\dots$) -to access the \Coq{} \ssrC{rewrite} tactic. -\item New symbols (\ssrC{//, /=, //=}) might clash with adjacent existing - symbols (e.g., '\ssrC{//}') instead of '\ssrC{/}''\ssrC{/}'). This can be avoided - by inserting white spaces. -\item New constant and theorem names might clash with the user -theory. This can be avoided by not importing all of \ssr{}: -\begin{lstlisting} - From Coq Require ssreflect. - Import ssreflect.SsrSyntax. -\end{lstlisting} -Note that the full syntax of \ssr{}'s {\tt rewrite} and reserved identifiers are -enabled only if the \ssrC{ssreflect} module has been required and if -\ssrC{SsrSyntax} has been imported. Thus a file that requires (without importing) - \ssrC{ssreflect} and imports \ssrC{SsrSyntax}, can be -required and imported without automatically enabling \ssr{}'s -extended rewrite syntax and reserved identifiers. -\item Some user notations (in particular, defining an infix ';') might -interfere with the "open term", parenthesis free, syntax of tactics -such as \ssrC{have}, \ssrC{set} and \ssrC{pose}. -\item The generalization of \ssrC{if} statements to non-Boolean -conditions is turned off by \ssr{}, because it is mostly subsumed by -\ssrC{Coercion} to \ssrC{bool} of the \ssrC{sum}XXX types (declared in -\ssrC{ssrfun.v}) -and the \ssrC{if} {\term} \ssrC{is} \ssrN{pattern} \ssrC{then} {\term} \ssrC{else} {\term} construct (see -\ref{ssec:patcond}). To use the generalized form, turn off the \ssr{} -Boolean \ssrC{if} notation using the command: -\begin{lstlisting} - Close Scope boolean_if_scope. -\end{lstlisting} -\item The following two options can be unset to disable the - incompatible \ssrC{rewrite} syntax and allow - reserved identifiers to appear in scripts. -\begin{lstlisting} - Unset SsrRewrite. - Unset SsrIdents. -\end{lstlisting} -\end{itemize} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\section{Gallina extensions} - -Small-scale reflection makes an extensive use of the programming -subset of Gallina, \Coq{}'s logical specification language. This subset -is quite suited to the description of functions on representations, -because it closely follows the well-established design of the ML -programming language. The \ssr{} extension provides three additions -to Gallina, for pattern assignment, pattern testing, and polymorphism; -these mitigate minor but annoying discrepancies between Gallina and ML. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Pattern assignment}\label{ssec:patass} -The \ssr{} extension provides the following construct for -irrefutable pattern matching, that is, destructuring assignment: - -\ssrC{let: } \ssrN{pattern} \ssrC{:=} \ssrN[1]{term} \ssrC{in} \ssrN[2]{term} - -Note the colon `\ssrC{:}' after the \ssrC{let} keyword, which avoids any -ambiguity with a function -definition or \Coq{}'s basic destructuring \ssrC{let}. The \ssrC{let:} -construct differs from the latter in that -\begin{itemize} -\item The pattern can be nested (deep pattern matching), in - particular, this allows expression of the form: -\begin{lstlisting} - let: exist (x, y) p_xy := Hp in ... -\end{lstlisting} -\item The destructured constructor is explicitly given in the - pattern, and is used for type inference, e.g., -\begin{lstlisting} - Let f u := let: (m, n) := u in m + n. -\end{lstlisting} -using a colon \ssrC{let:}, infers \ssrC{f : nat * nat -> nat}, whereas -\begin{lstlisting} - Let f u := let (m, n) := u in m + n. -\end{lstlisting} -with a usual \ssrC{let}, requires an extra type annotation. -\end{itemize} -The \ssrC{let:} construct is just (more legible) notation for the primitive Gallina expression - -\begin{center} -\ssrC{match} \ssrN[1]{term} \ssrC{with} \ssrN{pattern} \ssrC{=>} \ssrN[2]{term} \ssrC{end} -\end{center} - -The \ssr{} destructuring assignment supports all the dependent match -annotations; the full syntax is - -\begin{center} -\ssrC{let:} \ssrN[1]{pattern} \ssrC{as} \ssrN{ident} \ssrC{in} \ssrN[2]{pattern} \ssrC{:=} \ssrN[1]{term} \ssrC{return} \ssrN[2]{term} \ssrC{in} \ssrN[3]{term} -\end{center} - -where \ssrN[2]{pattern} is a \emph{type} pattern and \ssrN[1]{term} and -\ssrN[2]{term} are types. - -When the \ssrC{as} and \ssrC{return} are both present, then \ssrN{ident} is bound -in both the type \ssrN[2]{term} and the expression \ssrN[3]{term}; -variables in the optional type pattern \ssrN[2]{pattern} are -bound only in the type \ssrN[2]{term}, and other variables in \ssrN[1]{pattern} are -bound only in the expression \ssrN[3]{term}, however. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Pattern conditional}\label{ssec:patcond} -The following construct can be used for a refutable pattern matching, -that is, pattern testing: - -\begin{center} -\ssrC{if}\ \ssrN[1]{term} \ssrC{is} \ssrN[1]{pattern} \ssrC{then} \ssrN[2]{term} \ssrC{else} \ssrN[3]{term} -\end{center} - -Although this construct is not strictly ML (it does exits in variants -such as the pattern calculus or the $\rho$-calculus), it turns out to be -very convenient for writing functions on representations, -because most such functions manipulate simple datatypes such as Peano -integers, options, -lists, or binary trees, and the pattern conditional above is almost -always the right construct -for analyzing such simple types. For example, the \ssrC{null} and -\ssrC{all} list function(al)s can be defined as follows: -\begin{lstlisting} - Variable d: Set. - Fixpoint |*null*| (s : list d) := if s is nil then true else false. - Variable a : d -> bool. - Fixpoint |*all*| (s : list d) : bool := - if s is cons x s' then a x && all s' else true. -\end{lstlisting} - -The pattern conditional also provides a notation for destructuring -assignment with a refutable pattern, adapted to the pure functional -setting of Gallina, which lacks a \\\texttt{Match\_Failure} exception. - -Like \ssrC{let:} above, the \ssrC{if}$\dots$\ssrC{is} construct is just (more legible) -notation for the primitive Gallina expression: - -\begin{center} -\ssrC{match} \ssrN[1]{term} \ssrC{with} \ssrN{pattern} \ssrC{=>} \ssrN[2]{term} \ssrC{| _ =>} \ssrN[2]{term} \ssrC{end} -\end{center} - -Similarly, it will always be displayed as the expansion of this form -in terms of primitive \ssrC{match} expressions (where the default -expression $\ssrN[3]{term}$ may be replicated). - - -Explicit pattern testing also largely subsumes the generalization of -the \ssrC{if} construct to all binary datatypes; compare: - -\begin{center} -\ssrC{if} {\term} \ssrC{is inl _ then} \ssrN[l]{term} \ssrC{else} \ssrN[r]{term} -\end{center} - -and: - -\begin{center} -\ssrC{if} {\term} \ssrC{then} \ssrN[l]{term} \ssrC{else} \ssrN[r]{term} -\end{center} - -The latter appears to be marginally shorter, but it is quite -ambiguous, and indeed often -requires an explicit annotation term : \ssrC{\{_\}+\{_\}} to type-check, -which evens the character count. - -Therefore, \ssr{} restricts by default the condition of a plain \ssrC{if} -construct to the standard \ssrC{bool} type; this avoids spurious type -annotations, e.g., in: -\begin{lstlisting} - Definition |*orb*| b1 b2 := if b1 then true else b2. -\end{lstlisting} -As pointed out in section~\ref{sec:compat}, this restriction can be removed with -the command: -\begin{lstlisting} - Close Scope boolean_if_scope. -\end{lstlisting} -Like \ssrC{let:} above, the \ssrC{if} {\term} \ssrC{is} \ssrN{pattern} -\ssrC{else} {\term} construct -supports the dependent \ssrC{match} annotations: - -\begin{center} -\ssrC{if} \ssrN[1]{term} \ssrC{is} \ssrN[1]{pattern} \ssrC{as} \ssrN{ident} \ssrC{in} \ssrN[2]{pattern} \ssrC{return} \ssrN[2]{term} \ssrC{then} \ssrN[3]{term} \ssrC{else} \ssrN[4]{term} -\end{center} - -As in \ssrC{let:} the variable \ssrN{ident} (and those in -the type pattern \ssrN[2]{pattern}) are bound in \ssrN[2]{term}; \ssrN{ident} is -also bound in \ssrN[3]{term} (but not in \ssrN[4]{term}), while the -variables in \ssrN[1]{pattern} are bound only in \ssrN[3]{term}. - -\noindent -Another variant allows to treat the else case first: - -\begin{center} -\ssrC{if} \ssrN[1]{term} \ssrC{isn't} \ssrN[1]{pattern} \ssrC{then} \ssrN[2]{term} \ssrC{else} \ssrN[3]{term} -\end{center} - -Note that \ssrN[1]{pattern} eventually binds variables in \ssrN[3]{term} -and not \ssrN[2]{term}. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Parametric polymorphism}\label{ssec:parampoly} - -Unlike ML, polymorphism in core Gallina is explicit: the type -parameters of polymorphic functions must be declared explicitly, and -supplied at each point of use. However, \Coq{} provides two features -to suppress redundant parameters: -\begin{itemize} -\item Sections are used to provide (possibly implicit) parameters for - a set of definitions. -\item Implicit arguments declarations are used to tell \Coq{} to use - type inference to deduce some parameters from the context at each - point of call. -\end{itemize} -The combination of these features provides a fairly good emulation of ML-style -polymorphism, but unfortunately this emulation breaks down for -higher-order programming. Implicit arguments are indeed not inferred -at all points of use, but only at -points of call, leading to expressions such as -\begin{lstlisting} - Definition |*all_null*| (s : list T) := all (@null T) s. -\end{lstlisting} -Unfortunately, such higher-order expressions are quite frequent in -representation functions, especially those which use \Coq{}'s -\ssrC{Structure}s to emulate Haskell type classes. - -Therefore, \ssr{} provides a variant of \Coq{}'s implicit argument -declaration, which causes \Coq{} to fill in some implicit parameters -at each point of use, e.g., the above definition can be written: -\begin{lstlisting} - Definition |*all_null*| (s : list d) := all null s. -\end{lstlisting} -Better yet, it can be omitted entirely, since \ssrC{all_null s} isn't -much of an improvement over \ssrC{all null s}. - -The syntax of the new declaration is - -\begin{center} -\ssrC{Prenex Implicits} \ssrN{ident}$^+$. -\end{center} - -Let us denote $_1 \dots c_n$ the list of identifiers given to a -\ssrC{Prenex Implicits} command. -The command checks that each $c_i$ is the name of a functional -constant, whose implicit arguments are prenex, i.e., the first $n_i > -0$ arguments of $c_i$ are implicit; then it assigns -\ssrC{Maximal Implicit} status to these arguments. - -As these prenex implicit arguments are ubiquitous and have often large -display strings, it is strongly recommended to change the default -display settings of \Coq{} so that they are not printed (except after a -\ssrC{Set Printing All} command). -All \ssr{} library files thus start with the incantation -\begin{lstlisting} - Set Implicit Arguments. - Unset Strict Implicit. - Unset Printing Implicit Defensive. -\end{lstlisting} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Anonymous arguments} - -When in a definition, the type of a certain argument is mandatory, but -not its name, one usually use ``arrow'' abstractions for prenex -arguments, or the \ssrC{(_ : }{\term}\ssrC{)} syntax for inner arguments. -In \ssr{}, the latter can be replaced by the open syntax `\ssrC{of\ }{\term}' -or (equivalently) `\ssrC{& }{\term}', which are both syntactically -equivalent to a \ssrC{(_ : }{\term}\ssrC{)} expression. - -For instance, the usual two-contrsuctor polymorphic type \ssrC{list}, -i.e. the one of the -standard {\tt List} library, can be defined by the following -declaration: -\begin{lstlisting} - Inductive list (A : Type) : Type := nil | cons of A & list A. -\end{lstlisting} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Wildcards}\label{ssec:wild} - -The terms passed as arguments -to \ssr{} tactics can contain \emph{holes}, materialized by wildcards -\ssrC{_}. -Since \ssr{} allows a more powerful form of type inference for these -arguments, it enhances the possibilities of using such wildcards. -These holes are in particular used as a convenient shorthand for -abstractions, especially in local definitions or type expressions. - -Wildcards may be interpreted as abstractions (see for example sections -\ref{ssec:pose} and \ref{ssec:struct}), or their content can be -inferred from the whole -context of the goal (see for example section \ref{ssec:set}). -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\section{Definitions} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Definitions}\label{ssec:pose} -\idx{pose \dots{} := \dots{}} -\idx{pose fix \dots{} := \dots{}} -\idx{pose cofix \dots{} := \dots{}} - -The \ssrC{pose} tactic allows to add a defined constant to a -proof context. \ssr{} generalizes this tactic in several ways. -In particular, the \ssr{} \ssrC{pose} tactic supports \emph{open syntax}: -the body of -the definition does not need surrounding parentheses. For instance: -\begin{lstlisting} - pose t := x + y. -\end{lstlisting} -is a valid tactic expression. - -The \ssrC{pose} tactic is also improved for the -local definition of higher order terms. -Local definitions of functions can use the same syntax as -global ones. The tactic: -\begin{lstlisting} - pose f x y := x + y. -\end{lstlisting} -adds to the context the defined constant: -\begin{lstlisting} - f := fun x y : nat => x + y : nat -> nat -> nat -\end{lstlisting} - -The \ssr{} \ssrC{pose} tactic also supports (co)fixpoints, -by providing the local counterpart of the -\ssrC{Fixpoint f := $\dots$ } and \ssrC{CoFixpoint f := $\dots$ } constructs. -For instance, the following tactic: -\begin{lstlisting} - pose fix f (x y : nat) {struct x} : nat := - if x is S p then S (f p y) else 0. -\end{lstlisting} -defines a local fixpoint \ssrC{f}, which mimics the standard \ssrC{plus} -operation on natural numbers. - -Similarly, local cofixpoints can be defined by a tactic of the form: -\begin{lstlisting} - pose cofix f (arg : T) ... -\end{lstlisting} - -The possibility to include wildcards in the body of the definitions - offers a smooth -way of defining local abstractions. The type of ``holes'' is -guessed by type inference, and the holes are abstracted. -For instance the tactic: -\begin{lstlisting} - pose f := _ + 1. -\end{lstlisting} -is shorthand for: -\begin{lstlisting} - pose f n := n + 1. -\end{lstlisting} - -When the local definition of a function involves both arguments and -holes, hole abstractions appear first. For instance, the -tactic: -\begin{lstlisting} - pose f x := x + _. -\end{lstlisting} -is shorthand for: -\begin{lstlisting} - pose f n x := x + n. -\end{lstlisting} - - -The interaction of the \ssrC{pose} tactic with the interpretation of -implicit arguments results in a powerful and concise syntax for local -definitions involving dependent types. -For instance, the tactic: -\begin{lstlisting} - pose f x y := (x, y). -\end{lstlisting} -adds to the context the local definition: -\begin{lstlisting} - pose f (Tx Ty : Type) (x : Tx) (y : Ty) := (x, y). -\end{lstlisting} -The generalization of wildcards makes the use of the \ssrC{pose} tactic -resemble ML-like definitions of polymorphic functions. - -% The use of \ssrC{Prenex Implicits} declarations (see section -% \ref{ssec:parampoly}), makes this feature specially convenient. -% Note that this combines with the interpretation of wildcards, and that -% it is possible to define: -% \begin{lstlisting} -% pose g x y : prod _ nat := (x, y). -% \end{lstlisting} -% which is equivalent to: -% \begin{lstlisting} -% pose g x (y : nat) := (x, y). -% \end{lstlisting} - - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Abbreviations}\label{ssec:set} -\idx{set \dots{} := \dots{}} - - -The \ssr{} \ssrC{set} tactic performs abbreviations: it introduces a -defined constant for a subterm appearing in the goal and/or in the -context. - -\ssr{} extends the \ssrC{set} tactic by supplying: -\begin{itemize} -\item an open syntax, similarly to the \ssrC{pose} tactic; -\item a more aggressive matching algorithm; -\item an improved interpretation of wildcards, taking advantage of the - matching algorithm; -\item an improved occurrence selection mechanism allowing to abstract only - selected occurrences of a term. -\end{itemize} - -The general syntax of this tactic is -\begin{center} -\ssrC{set} \ssrN{ident} \optional{\ssrC{:} \ssrN[1]{term}} \ssrC{:=} \optional{\ssrN{occ-switch}} \ssrN[2]{term} -\end{center} -\begin{center} -\ssrN{occ-switch} ::= \ssrC{\{}[\ssrC{+}|\ssrC{-}] {\naturalnumber}$^*$ \ssrC{\}} -\end{center} - - -where: - -\begin{itemize} -\item \ssrN{ident} is a fresh identifier chosen by the user. -\item \ssrN[1]{term} is -an optional type annotation. The type annotation \ssrN[1]{term} can be -given in open syntax (no surrounding parentheses). If no \ssrN{occ-switch} -(described hereafter) is present, it is also -the case for \ssrN[2]{term}. -On the other hand, in presence of \ssrN{occ-switch}, parentheses -surrounding \ssrN[2]{term} are mandatory. -\item In the occurrence switch \ssrN{occ-switch}, if the first element - of the list is a {\naturalnumber}, this element should be a number, and not - an Ltac variable. The empty list \ssrC{\{\}} is not interpreted as a - valid occurrence switch. -\end{itemize} -% For example, the script: -% \begin{lstlisting} -% Goal forall (f : nat -> nat)(x y : nat), f x + f x = f x. -% move=> f x y. -% \end{lstlisting} - -The tactic: -\begin{lstlisting} - set t := f _. -\end{lstlisting} -transforms the goal \ssrC{f x + f x = f x} into \ssrC{t + t = t}, adding -\ssrC{t := f x} to the context, and the tactic: -\begin{lstlisting} - set t := {2}(f _). -\end{lstlisting} -transforms it into \ssrC{f x + t = f x}, adding \ssrC{t := f x} to the context. - -The type annotation \ssrN[1]{term} may -contain wildcards, which will be filled with the appropriate value by -the matching process. - -The tactic first tries to find a subterm of the goal matching -\ssrN[2]{term} (and its type \ssrN[1]{term}), -and stops at the first subterm it finds. Then the occurrences -of this subterm selected by the optional \ssrN{occ-switch} are replaced -by \ssrN{ident} and a definition \ssrN{ident} \ssrC{:=} {\term} is added to -the context. If no \ssrN{occ-switch} is present, then all the -occurrences are abstracted. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Matching} - -The matching algorithm compares a pattern \textit{term} - with a subterm of the goal by comparing their heads -and then pairwise unifying their arguments (modulo conversion). Head -symbols match under the following conditions: - -\begin{itemize} -\item If the head of \textit{term} is a constant, then it - should be syntactically equal to the head symbol of the subterm. -\item If this head is a projection of a canonical structure, - then canonical structure equations are used for the matching. -\item If the head of \textit{term} is \emph{not} a constant, the - subterm should have the same structure ($\lambda$ abstraction, - \ssrC{let}$\dots$\ssrC{in} structure \dots). -\item If the head of \textit{term} is a hole, the subterm should have - at least as many arguments as \textit{term}. For instance the tactic: -\begin{lstlisting} - set t := _ x. -\end{lstlisting} -transforms the goal \ssrL-x + y = z- into \ssrC{t y = z} and adds -\ssrC{t := plus x : nat -> nat} to the context. - -\item In the special case where \textit{term} is of the form - \ssrC{(let f := }$t_0$ \ssrC{in f) }$t_1\dots t_n$, - then the pattern \textit{term} is treated -as \ssrC{(_ }$t_1\dots t_n$\ssrC{)}. For each subterm in -the goal having the form $(A\ u_1\dots u_{n'})$ with $n' \geq n$, the -matching algorithm successively tries to find the largest -partial application $(A\ u_1\dots u_{i'})$ convertible to the head -$t_0$ of \textit{term}. For instance the following tactic: -\begin{lstlisting} - set t := (let g y z := y.+1 + z in g) 2. -\end{lstlisting} -transforms the goal -\begin{lstlisting} - (let f x y z := x + y + z in f 1) 2 3 = 6. -\end{lstlisting} -into \ssrC{t 3 = 6} and adds the local definition of \ssrC{t} to the -context. -\end{itemize} - -Moreover: -\begin{itemize} -\item Multiple holes in \textit{term} are treated as independent - placeholders. For instance, the tactic: -\begin{lstlisting} - set t := _ + _. -\end{lstlisting} -transforms the goal \ssrC{x + y = z} into \ssrC{t = z} and pushes -\ssrC{t := x + y : nat} in the context. -\item The type of the subterm matched should fit the type - (possibly casted by some type annotations) of the pattern - \textit{term}. -\item The replacement of the subterm found by the instantiated pattern - should not capture variables, hence the following script: -\begin{lstlisting} - Goal forall x : nat, x + 1 = 0. - set u := _ + 1. -\end{lstlisting} -raises an error message, since \ssrC{x} is bound in the goal. -\item Typeclass inference should fill in any residual hole, but -matching should never assign a value to a global existential variable. - -\end{itemize} - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Occurrence selection}\label{sssec:occselect} - -\ssr{} provides a generic syntax for the selection of occurrences by -their position indexes. These \emph{occurrence switches} are shared by -all -\ssr{} tactics which require control on subterm selection like rewriting, -generalization, \dots - -An \emph{occurrence switch} can be: -\begin{itemize} -\item A list \ssrC{\{} {\naturalnumber}$^*$ \ssrC{\}} of occurrences affected by the - tactic. -For instance, the tactic: -\begin{lstlisting} - set x := {1 3}(f 2). -\end{lstlisting} -transforms the goal \ssrC{f 2 + f 8 = f 2 + f 2} into -\ssrC{x + f 8 = f 2 + x}, and adds the abbreviation -\ssrC{x := f 2} in the -context. Notice that some occurrences of a -given term may be hidden to the user, for example because of a -notation. The vernacular \ssrC{$\texttt{\textcolor{dkviolet}{Set }}$ - Printing All} command displays all -these hidden occurrences and should be used to find the correct -coding of the occurrences to be selected\footnote{Unfortunately, -even after a call to the Set Printing All command, some occurrences are -still not displayed to the user, essentially the ones possibly hidden -in the predicate of a dependent match structure.}. For instance, the -following script: -\begin{lstlisting} - Notation "a < b":= (le (S a) b). - Goal forall x y, x < y -> S x < S y. - intros x y; set t := S x. -\end{lstlisting} -generates the goal -\ssrC{t <= y -> t < S y} since \ssrC{x < y} is now a notation for -\ssrC{S x <= y}. -\item A list \ssrC{\{}{\naturalnumber}$^+$\ssrC{\}}. This is equivalent to - \ssrC{\{} {\naturalnumber}$^+$ \ssrC{\}} but the list should start with a number, and - not with an Ltac variable. -\item A list \ssrC{\{}{\naturalnumber}$^*$\ssrC{\}} of occurrences \emph{not} to be - affected by the tactic. For instance, the tactic: -\begin{lstlisting} - set x := {-2}(f 2). -\end{lstlisting} -behaves like -\begin{lstlisting} - set x := {1 3}(f 2). -\end{lstlisting} -on the goal \ssrL-f 2 + f 8 = f 2 + f 2- which has three occurrences of -the the term \ssrC{f 2} -\item In particular, the switch \ssrC{\{+\}} selects \emph{all} the - occurrences. This switch is useful to turn - off the default behavior of a tactic which automatically clears - some assumptions (see section \ref{ssec:discharge} for instance). -\item The switch \ssrC{\{-\}} imposes that \emph{no} occurrences of the - term should be affected by the tactic. The tactic: -\begin{lstlisting} - set x := {-}(f 2). -\end{lstlisting} -leaves the goal unchanged and adds the definition \ssrC{x := f 2} to the -context. This kind of tactic may be used to take advantage of the -power of the matching algorithm in a local definition, instead of -copying large terms by hand. -\end{itemize} - - -It is important to remember that matching \emph{precedes} occurrence -selection, hence the tactic: -\begin{lstlisting} - set a := {2}(_ + _). -\end{lstlisting} -transforms the goal \ssrC{x + y = x + y + z} into \ssrC{x + y = a + z} -and fails on the goal \\ -\ssrC{(x + y) + (z + z) = z + z} with the error message: -\begin{lstlisting} - User error: only 1 < 2 occurrence of (x + y + (z + z)) -\end{lstlisting} - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Localization}\label{ssec:loc} - - -It is possible to define an abbreviation for a term appearing in the -context of a goal thanks to the \ssrC{in} tactical. - -A tactic of the form: - -\begin{center} - \ssrC{set x :=} {\term} \ssrC{in} \ssrN[1]{fact}\ssrC{...}\ssrN[n]{fact}. -\end{center} - -introduces a defined constant called \ssrC{x} in the context, and folds -it in the facts \textit{fact$_1 \dots$ fact$_n$} -The body of \ssrC{x} is the first subterm matching \textit{term} in -\textit{fact$_1 \dots$ fact$_n$}. - -A tactic of the form: - -\begin{center} - \ssrC{set x :=} {\term} \ssrC{in} \ssrN[1]{fact}\ssrC{...}\ssrN[n]{fact} \ssrC{*.} -\end{center} - -matches {\term} and then folds \ssrC{x} similarly in -\textit{fact$_1 \dots$ fact$_n$}, but also folds \ssrC{x} in the goal. - -A goal \ssrL-x + t = 4-, whose context contains \ssrC{Hx : x = 3}, is left -unchanged by the tactic: -\begin{lstlisting} - set z := 3 in Hx. -\end{lstlisting} -but the context is extended with the definition \ssrC{z := 3} and \ssrC{Hx} becomes -\ssrC{Hx : x = z}. -On the same goal and context, the tactic: -\begin{lstlisting} - set z := 3 in Hx *. -\end{lstlisting} -will moreover change the goal into \ssrL-x + t = S z-. Indeed, remember -that \ssrC{4} is just a notation for \ssrC{(S 3)}. - -The use of the \ssrC{in} tactical is not limited to the localization of -abbreviations: for a complete description of the \ssrC{in} tactical, see -section \ref{ssec:profstack}. -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\section{Basic tactics}\label{sec:book} - - - -A sizable fraction of proof scripts consists of steps that do not -"prove" anything new, but instead perform menial bookkeeping tasks -such as selecting the names of constants and assumptions or splitting -conjuncts. Although they are logically trivial, bookkeeping steps are -extremely important because they define the structure of the data-flow -of a proof script. This is especially true for reflection-based -proofs, which often involve large numbers of constants and -assumptions. Good bookkeeping consists in always explicitly declaring -(i.e., naming) all new constants and assumptions in the script, and -systematically pruning irrelevant constants and assumptions in the -context. This is essential in the context of an interactive -development environment (IDE), because it facilitates navigating the -proof, allowing to instantly "jump back" to the point at which a -questionable assumption was added, and to find relevant assumptions by -browsing the pruned context. While novice or casual \Coq{} users may -find the automatic name selection feature convenient, the usage of -such a feature severely undermines the readability and maintainability -of proof scripts, much like automatic variable declaration in programming -languages. The \ssr{} tactics are therefore designed to support -precise bookkeeping and to eliminate name generation heuristics. -The bookkeeping features of \ssr{} are implemented as tacticals (or -pseudo-tacticals), shared across most \ssr{} tactics, and thus form -the foundation of the \ssr{} proof language. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Bookkeeping}\label{ssec:profstack} -\idx{move: \dots{}} -\idx{move=> \dots{}} -\idx{move: \dots{} => \dots{}} -\idx{\dots{} in \dots{}} - -During the course of a proof \Coq{} always present the user with -a \emph{sequent} whose general form is -\begin{displaymath}\begin{array}{l} -%\arrayrulecolor{dkviolet} -c_i\ \ssrC{:}\ T_i \\ -\dots\\ -d_j\ \ssrC{:=}\ e_j\ \ssrC{:}\ T_j \\ -\dots\\ -F_k\ \ssrC{:}\ P_k \\ -\dots \\[3pt] -\hline\hline\\[-8pt] -\ssrC{forall}\ \ssrC{(}x_\ell\ \ssrC{:}\ T_\ell\ssrC{)}\ \dots,\\ -\ssrC{let}\ y_m\ \ssrC{:=}\ b_m\ \ssrC{in}\ \dots\ \ssrC{in}\\ -P_n\ \ssrC{->}\ \dots\ \ssrC{->}\ C -\end{array}\end{displaymath} -The \emph{goal} to be proved appears below the double line; above the line is -the \emph{context} of the sequent, a set of declarations of -\emph{constants}~$c_i$, \emph{defined constants}~$d_i$, and -\emph{facts}~$F_k$ that can be used to prove the goal (usually, $T_i, -T_j\;:\;\ssrC{Type}$ and $P_k\;:\;\ssrC{Prop}$). The various kinds of -declarations can come in any order. The top part of the context -consists of declarations produced by the \ssrC{Section} commands -\ssrC{Variable}, \ssrC{Let}, and \ssrC{Hypothesis}. This \emph{section context} -is never affected by the \ssr{} tactics: they only operate on -the lower part --- the \emph{proof context}. -As in the figure above, the goal often decomposes into a series of -(universally) quantified \emph{variables} -$\ssrC{(}x_\ell\;\ssrC{:}\;T_\ell\ssrC{)}$, local \emph{definitions} -$\ssrC{let}\;y_m\:\ssrC{:=}\;b_m\;\ssrC{in}$, and \emph{assumptions} -$P_n\;\ssrC{->}$, and a \emph{conclusion}~$C$ (as in the context, variables, -definitions, and assumptions can appear in any order). The conclusion -is what actually needs to be proved --- the rest of the goal can be -seen as a part of the proof context that happens to be ``below the line''. - -However, although they are logically equivalent, there are fundamental -differences between constants and facts on the one hand, and variables -and assumptions on the others. Constants and facts are -\emph{unordered}, but \emph{named} explicitly in the proof text; -variables and assumptions are \emph{ordered}, but \emph{unnamed}: the -display names of variables may change at any time because of -$\alpha$-conversion. - -Similarly, basic deductive steps such as \ssrC{apply} can only operate on -the goal because the Gallina terms that control their action (e.g., -the type of the lemma used by \ssrC{apply}) only provide unnamed bound -variables.\footnote{Thus scripts that depend on bound variable names, e.g., -via \ssrC{intros} or \ssrC{with}, are inherently fragile.} Since the proof -script can only refer directly to the context, it must constantly -shift declarations from the goal to the context and conversely in -between deductive steps. - -In \ssr{} these moves are performed by two \emph{tacticals} `\ssrC{=>}' -and `\ssrC{:}', so that the bookkeeping required by a deductive step can -be directly associated to that step, and that tactics in an \ssr{} -script correspond to actual logical steps in the proof rather than -merely shuffle facts. Still, some isolated bookkeeping is unavoidable, -such as naming variables and assumptions at the beginning of a proof. -\ssr{} provides a specific \ssrC{move} tactic for this purpose. - -Now \ssrC{move} does essentially nothing: it is mostly a placeholder for -`\ssrC{=>}' and `\ssrC{:}'. The `\ssrC{=>}' tactical moves variables, local -definitions, and assumptions to the context, while the `\ssrC{:}' -tactical moves facts and constants to the goal. For example, the proof -of\footnote{The name \ssrC{subnK} reads as -``right cancellation rule for \ssrC{nat} subtraction''.} -\begin{lstlisting} - Lemma |*subnK*| : forall m n, n <= m -> m - n + n = m. -\end{lstlisting}\noindent -might start with -\begin{lstlisting} - move=> m n le_n_m. -\end{lstlisting} -where \ssrC{move} does nothing, but \ssrL|=> m n le_m_n| changes the -variables and assumption of the goal in the constants \ssrC{m n : nat} -and the fact \ssrL|le_n_m : n <= m|, thus exposing the conclusion\\ - \ssrC{m - n + n = m}. - -The `\ssrC{:}' tactical is the converse of `\ssrC{=>}': it removes facts -and constants from the context by turning them into variables and assumptions. -Thus -\begin{lstlisting} - move: m le_n_m. -\end{lstlisting} -turns back \ssrC{m} and \ssrL|le_m_n| into a variable and an assumption, removing -them from the proof context, and changing the goal to -\begin{lstlisting} - forall m, n <= m -> m - n + n = m. -\end{lstlisting} -which can be proved by induction on \ssrC{n} using \ssrC{elim: n}. - -\noindent -Because they are tacticals, `\ssrC{:}' and `\ssrC{=>}' can be combined, as in -\begin{lstlisting} - move: m le_n_m => p le_n_p. -\end{lstlisting} -simultaneously renames \ssrL|m| and \ssrL|le_m_n| into \ssrL|p| and \ssrL|le_n_p|, -respectively, by first turning them into unnamed variables, then -turning these variables back into constants and facts. - -Furthermore, \ssr{} redefines the basic \Coq{} tactics \ssrC{case}, -\ssrC{elim}, and \ssrC{apply} so that they can take better advantage of -'\ssrC{:}' and `\ssrC{=>}'. In there \ssr{} variants, these tactic operate -on the first variable or constant of the goal and they do not use or -change the proof context. The `\ssrC{:}' tactical is used to operate on -an element in the context. For instance the proof of \ssrC{subnK} could -continue with -\begin{lstlisting} - elim: n. -\end{lstlisting} -instead of \ssrC{elim n}; this has the advantage of -removing \ssrC{n} from the context. Better yet, this \ssrC{elim} can be combined -with previous \ssrC{move} and with the branching version of the \ssrC{=>} tactical -(described in~\ref{ssec:intro}), -to encapsulate the inductive step in a single command: -\begin{lstlisting} - elim: n m le_n_m => [|n IHn] m => [_ | lt_n_m]. -\end{lstlisting} -which breaks down the proof into two subgoals, -\begin{lstlisting} - m - 0 + 0 = m -\end{lstlisting} -given \ssrC{m : nat}, and -\begin{lstlisting} - m - S n + S n = m -\end{lstlisting} -given \ssrC{m n : nat}, \ssrL|lt_n_m : S n <= m|, and -\begin{lstlisting} - IHn : forall m, n <= m -> m - n + n = m. -\end{lstlisting} -The '\ssrC{:}' and `\ssrC{=>}' tacticals can be explained very simply -if one views the goal as a stack of variables and assumptions piled -on a conclusion: -\begin{itemize} -\item {\tac} \ssrC{:} $a$ $b$ $c$ pushes the context constants $a$, $b$, $c$ -as goal variables \emph{before} performing {\tac}. -\item {\tac} \ssrC{=>} $a$ $b$ $c$ pops the top three goal variables as -context constants $a$, $b$, $c$, \emph{after} {\tac} -has been performed. -\end{itemize} -These pushes and pops do not need to balance out as in the examples above, -so -\begin{lstlisting} - move: m le_n_m => p. -\end{lstlisting} -would rename \ssrC{m} into \ssrC{p}, but leave an extra assumption \ssrC{n <= p} -in the goal. - -Basic tactics like \ssrC{apply} and \ssrC{elim} can also be used without the -'\ssrC{:}' tactical: for example we can directly start a proof of \ssrC{subnK} -by induction on the top variable \ssrC{m} with -\begin{lstlisting} - elim=> [|m IHm] n le_n. -\end{lstlisting} - -\noindent -The general form of the localization tactical \ssrC{in} is also best -explained in terms of the goal stack: - -\begin{center} - {\tac} \ssrC{in a H1 H2 *.} -\end{center} - -is basically equivalent to - -\begin{center} - \ssrC{move: a H1 H2;} {\tac} \ssrC{=> a H1 H2.} -\end{center} - -with two differences: the \ssrC{in} tactical will preserve the body of \ssrC{a} if -\ssrC{a} is a defined constant, and if the `\ssrC{*}' is omitted it -will use a temporary abbreviation to hide the statement of the goal -from \ssrC{/*tactic*/}. - -The general form of the \ssrC{in} tactical can be used directly with -the \ssrC{move}, \ssrC{case} and \ssrC{elim} tactics, so that one can write -\begin{lstlisting} - elim: n => [|n IHn] in m le_n_m *. -\end{lstlisting} -instead of -\begin{lstlisting} - elim: n m le_n_m => [|n IHn] m le_n_m. -\end{lstlisting} -This is quite useful for inductive proofs that involve many facts. - -\noindent See section \ref{ssec:gloc} for the general syntax and presentation -of the \ssrC{in} tactical. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{The defective tactics}\label{ssec:basictac} - -In this section we briefly present the three basic tactics performing -context manipulations and the main backward chaining tool. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{The \ssrC{move} tactic.}\label{sssec:move} -\idx{move} - -The \ssrC{move} tactic, in its -defective form, behaves like the primitive \ssrC{hnf} \Coq{} tactic. For -example, such a defective: -\begin{lstlisting} - move. -\end{lstlisting} -exposes the first assumption in the goal, i.e. its changes the goal -\ssrC{\~ False} into \ssrC{False -> False}. - -More precisely, the \ssrC{move} tactic inspects the goal and does nothing -(\ssrC{idtac}) if an introduction step is possible, i.e. if the -goal is a product or a \ssrC{let}$\dots$\ssrC{in}, and performs \ssrC{hnf} -otherwise. - -Of course this tactic is most often used in combination with the -bookkeeping tacticals (see section \ref{ssec:intro} and -\ref{ssec:discharge}). These combinations mostly subsume the \ssrC{intros}, -\ssrC{generalize}, \ssrC{revert}, \ssrC{rename}, \ssrC{clear} and -\textcolor{dkblue}{\texttt{pattern}} tactics. - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{The \ssrC{case} tactic.} -\idx{case: \dots{}} - -The \ssrC{case} tactic performs -\emph{primitive case analysis} on (co)inductive types; specifically, -it destructs the top variable or assumption of the goal, -exposing its constructor(s) and its arguments, as well as setting the value -of its type family indices if it belongs to a type family -(see section \ref{ssec:typefam}). - -The \ssr{} \ssrC{case} tactic has a special behavior on -equalities. -If the top assumption of the goal is an equality, the \ssrC{case} tactic -``destructs'' it as a set of equalities between the constructor -arguments of its left and right hand sides, as per the -tactic \ssrC{injection}. -For example, \ssrC{case} changes the goal -\begin{lstlisting} - (x, y) = (1, 2) -> G. -\end{lstlisting} -into -\begin{lstlisting} - x = 1 -> y = 2 -> G. -\end{lstlisting} - -Note also that the case of \ssr{} performs \ssrC{False} -elimination, even if no branch is generated by this case operation. -Hence the command: -\begin{lstlisting} - case. -\end{lstlisting} -on a goal of the form \ssrC{False -> G} will succeed and prove the goal. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{The \ssrC{elim} tactic.} -\idx{elim: \dots{}} - -The \ssrC{elim} tactic performs -inductive elimination on inductive types. -The defective: -\begin{lstlisting} - elim. -\end{lstlisting} -tactic performs inductive elimination on a goal whose top assumption -has an inductive type. For example on goal of the form: -\begin{lstlisting} - forall n : nat, m <= n -\end{lstlisting} - in a context containing \ssrC{m : nat}, the -\begin{lstlisting} - elim. -\end{lstlisting} -tactic produces two goals, -\begin{lstlisting} - m <= 0 -\end{lstlisting} -on one hand and -\begin{lstlisting} - forall n : nat, m <= n -> m <= S n -\end{lstlisting} -on the other hand. - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{The \ssrC{apply} tactic.}\label{sssec:apply} -\idx{apply: \dots{}} - -The \ssrC{apply} tactic is the main -backward chaining tactic of the proof system. It takes as argument any -\ssrC{/*term*/} and applies it to the goal. -Assumptions in the type of \ssrC{/*term*/} that don't directly match the -goal may generate one or more subgoals. - -In fact the \ssr{} tactic: -\begin{lstlisting} - apply. -\end{lstlisting} -is a synonym for: -\begin{lstlisting} - intro top; first [refine top | refine (top _) | refine (top _ _) | ...]; clear top. -\end{lstlisting} -where \ssrC{top} is fresh name, and the sequence of \ssrC{refine} tactics -tries to catch the appropriate number of wildcards to be inserted. -Note that this use of the \ssrC{refine} tactic implies that the tactic -tries to match the goal up to expansion of -constants and evaluation of subterms. - -\ssr{}'s \ssrC{apply} has a special behaviour on goals containing -existential metavariables of sort \ssrC{Prop}. Consider the -following example: -\begin{lstlisting} -Goal (forall y, 1 < y -> y < 2 -> exists x : { n | n < 3 }, proj1_sig x > 0). -move=> y y_gt1 y_lt2; apply: (ex_intro _ (exist _ y _)). - by apply: gt_trans _ y_lt2. -by move=> y_lt3; apply: lt_trans y_gt1. -\end{lstlisting} -Note that the last \ssrC{_} of the tactic \ssrC{apply: (ex_intro _ (exist _ y _))} -represents a proof that \ssrC{y < 3}. Instead of generating the following -goal -\begin{lstlisting} - 0 < (n:=3) (m:=y) ?54 -\end{lstlisting} -\noindent the system tries to prove \ssrC{y < 3} calling the \ssrC{trivial} -tactic. If it succeeds, let's say because the context contains -\ssrC{H : y < 3}, then the system generates the following goal: -\begin{lstlisting} - 0 < proj1_sig (exist (fun n => n < 3) y H -\end{lstlisting} -\noindent Otherwise the missing proof is considered to be irrelevant, and -is thus discharged generating the following goals: -\begin{lstlisting} - y < 3 - forall H : y < 3, proj1_sig (exist (fun n => n < 3) y H) -\end{lstlisting} -Last, the user can replace the \ssrC{trivial} tactic by defining -an Ltac expression named \ssrC{ssrautoprop}. - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Discharge}\label{ssec:discharge} -\idx{\dots{} : \dots{}} - -The general syntax of the discharging tactical `\ssrC{:}' is: -\begin{center} - {\tac} \optional{\ssrN{ident}} \ssrC{:} \ssrN[1]{d-item} $\dots$ \ssrN[n]{d-item} \optional{\ssrN{clear-switch}} -\end{center} -where $n > 0$, and \ssrN{d-item} and \ssrN{clear-switch} are defined as -\begin{longtable}{rcl} -\ssrN{d-item} & ::= & \optional{\ssrN{occ-switch} {\optsep} \ssrN{clear-switch}} {\term} \\ -\ssrN{clear-switch}& ::=& \ssrC{\{} \ssrN[1]{ident}\, \ldots\, \ssrN[m]{ident} \ssrC{\}} -\end{longtable} -with the following requirements: -\begin{itemize} -\item {\tac} must be one of the four basic tactics described - in~\ref{ssec:basictac}, i.e., \ssrC{move}, \ssrC{case}, \ssrC{elim} or \ssrC{apply}, - the \ssrC{exact} tactic (section \ref{ssec:termin}), - the \ssrC{congr} tactic (section \ref{ssec:congr}), or the application - of the \emph{view} tactical `\ssrC{/}' (section \ref{ssec:assumpinterp}) - to one of \ssrC{move}, \ssrC{case}, or \ssrC{elim}. -\item The optional \ssrN{ident} specifies \emph{equation generation} - (section \ref{ssec:equations}), and is only allowed if {\tac} - is \ssrC{move}, \ssrC{case} or \ssrC{elim}, or the application of the - view tactical `\ssrC{/}' (section \ref{ssec:assumpinterp}) - to \ssrC{case} or \ssrC{elim}. -\item An \ssrN{occ-switch} selects occurrences of {\term}, - as in \ref{sssec:occselect}; \ssrN{occ-switch} is not allowed if - {\tac} is \ssrC{apply} or \ssrC{exact}. -\item A clear item \ssrN{clear-switch} specifies facts and constants to be - deleted from the proof context (as per the \ssrC{clear} tactic). -\end{itemize} -The `\ssrC{:}' tactical first \emph{discharges} all the \ssrN{d-item}s, -right to left, and then performs {\tac}, i.e., for each \ssrN{d-item}, -starting with $\ssrN[n]{d-item}$: -\begin{enumerate} -\item The \ssr{} matching algorithm described in section~\ref{ssec:set} - is used to find occurrences of {\term} in the goal, - after filling any holes `\ssrC{_}' in {\term}; however if {\tac} - is \ssrC{apply} or \ssrC{exact} a different matching algorithm, - described below, is used - \footnote{Also, a slightly different variant may be used for the first - \ssrN{d-item} of \ssrC{case} and \ssrC{elim}; see section~\ref{ssec:typefam}.}. -\item~\label{enum:gen} These occurrences are replaced by a new - variable; in particular, - if {\term} is a fact, this adds an assumption to the goal. -\item~\label{enum:clr} If {\term} is \emph{exactly} the name of a constant - or fact in the proof context, it is deleted from the context, - unless there is an \ssrN{occ-switch}. -\end{enumerate} -Finally, {\tac} is performed just after $\ssrN[1]{d-item}$ has been -generalized --- -that is, between steps \ref{enum:gen} and \ref{enum:clr} for $\ssrN[1]{d-item}$. -The names listed in the final \ssrN{clear-switch} (if it is present) -are cleared first, before $\ssrN[n]{d-item}$ is discharged. - -\noindent -Switches affect the discharging of a \ssrN{d-item} as follows: -\begin{itemize} -\item An \ssrN{occ-switch} restricts generalization (step~\ref{enum:gen}) - to a specific subset of the occurrences of {\term}, as per - \ref{sssec:occselect}, and prevents clearing (step~\ref{enum:clr}). -\item All the names specified by a \ssrN{clear-switch} are deleted from the - context in step~\ref{enum:clr}, possibly in addition to {\term}. -\end{itemize} -For example, the tactic: -\begin{lstlisting} - move: n {2}n (refl_equal n). -\end{lstlisting} -\begin{itemize} -\item first generalizes \ssrC{(refl_equal n : n = n)}; -\item then generalizes the second occurrence of \ssrC{n}. -\item finally generalizes all the other occurrences of \ssrC{n}, - and clears \ssrC{n} from the proof context - (assuming \ssrC{n} is a proof constant). -\end{itemize} -Therefore this tactic changes any goal \ssrC{G} into -\begin{lstlisting} - forall n n0 : nat, n = n0 -> G. -\end{lstlisting} -where the name \ssrC{n0} is picked by the \Coq{} display function, -and assuming \ssrC{n} appeared only in~\ssrC{G}. - -Finally, note that a discharge operation generalizes defined constants -as variables, and not as local definitions. To override this behavior, -prefix the name of the local definition with a \ssrC{@}, -like in \ssrC{move: @n}. - -This is in contrast with the behavior of the \ssrC{in} tactical (see section -\ref{ssec:gloc}), which preserves local definitions by default. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Clear rules} - -The clear step will fail if {\term} is a proof constant that -appears in other facts; in that case either the facts should be -cleared explicitly with a \ssrN{clear-switch}, or the clear step should be -disabled. The latter can be done by adding an \ssrN{occ-switch} or simply by -putting parentheses around {\term}: both -\begin{lstlisting} - move: (n). -\end{lstlisting} -and -\begin{lstlisting} - move: {+}n. -\end{lstlisting} -generalize \ssrC{n} without clearing \ssrC{n} from the proof context. - -The clear step will also fail if the \ssrN{clear-switch} contains a -\ssrN{ident} that is not in the \emph{proof} context. -Note that \ssr{} never clears a section constant. - -If {\tac} is \ssrC{move} or \ssrC{case} and an equation \ssrN{ident} is given, -then clear (step~\ref{enum:clr}) for $\ssrN[1]{d-item}$ is suppressed -(see section \ref{ssec:equations}). - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Matching for \ssrC{apply} and \ssrC{exact}}\label{sss:strongapply} - -The matching algorithm for \ssrN{d-item}s of the \ssr{} \ssrC{apply} and -\ssrC{exact} tactics -exploits the type of $\ssrN[1]{d-item}$ to interpret -wildcards in the other \ssrN{d-item} and to determine which occurrences of -these should be generalized. -Therefore, \ssrN{occur switch}es are not needed for \ssrC{apply} and \ssrC{exact}. - -Indeed, the \ssr{} tactic \ssrC{apply: H x} is equivalent to -\begin{lstlisting} - refine (@H _ ... _ x); clear H x -\end{lstlisting} -with an appropriate number of wildcards between \ssrC{H} and~\ssrC{x}. - -Note that this means that matching for \ssrC{apply} and \ssrC{exact} has -much more context to interpret wildcards; in particular it can accommodate -the `\ssrC{_}' \ssrN{d-item}, which would always be rejected after `\ssrC{move:}'. -For example, the tactic -\begin{lstlisting} - apply: trans_equal (Hfg _) _. -\end{lstlisting} -transforms the goal \ssrC{f a = g b}, whose context contains -\ssrC{(Hfg : forall x, f x = g x)}, into \ssrC{g a = g b}. -This tactic is equivalent (see section \ref{ssec:profstack}) to: -\begin{lstlisting} - refine (trans_equal (Hfg _) _). -\end{lstlisting} -and this is a common idiom for applying transitivity on the left hand side -of an equation. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{The \ssrC{abstract} tactic}\label{ssec:abstract} -\idx{abstract: \dots{}} - -The \ssrC{abstract} tactic assigns an abstract constant previously introduced with -the \ssrC{[: name ]} intro pattern (see section~\ref{ssec:intro}, -page~\pageref{ssec:introabstract}). -In a goal like the following: -\begin{lstlisting} - m : nat - abs : <hidden> - n : nat - ============= - m < 5 + n -\end{lstlisting} -The tactic \ssrC{abstract: abs n} first generalizes the goal with respect to -\ssrC{n} (that is not visible to the abstract constant \ssrC{abs}) and then -assigns \ssrC{abs}. The resulting goal is: -\begin{lstlisting} - m : nat - n : nat - ============= - m < 5 + n -\end{lstlisting} -Once this subgoal is closed, all other goals having \ssrC{abs} in their context -see the type assigned to \ssrC{abs}. In this case: -\begin{lstlisting} - m : nat - abs : forall n, m < 5 + n -\end{lstlisting} - -For a more detailed example the user should refer to section~\ref{sssec:have}, -page~\pageref{sec:havetransparent}. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Introduction}\label{ssec:intro} -\idx{\dots{} => \dots{}} - -The application of a tactic to a given goal can generate -(quantified) variables, assumptions, or definitions, which the user may want to -\emph{introduce} as new facts, constants or defined constants, respectively. -If the tactic splits the goal into several subgoals, -each of them may require the introduction of different constants and facts. -Furthermore it is very common to immediately decompose -or rewrite with an assumption instead of adding it to the context, -as the goal can often be simplified and even -proved after this. - -All these operations are performed by the introduction tactical -`\ssrC{=>}', whose general syntax is -\begin{center} - {\tac} \ssrC{=>} \ssrN[1]{i-item} $\dots$ \ssrN[n]{i-item} -\end{center} -where {\tac} can be any tactic, $n > 0$ and -\begin{longtable}{rcl} - \ssrN{i-item}& ::=& \ssrN{i-pattern} {\optsep} \ssrN{s-item} {\optsep} \ssrN{clear-switch} {\optsep} \ssrC{/}{\term} \\ - \ssrN{s-item}& ::=& \ssrC{/=} {\optsep} \ssrC{//} {\optsep} \ssrC{//=} \\ - \ssrN{i-pattern}& ::=& \ssrN{ident} {\optsep} \ssrC{_} {\optsep} \ssrC{?} {\optsep} \ssrC{*} {\optsep} \optional{\ssrN{occ-switch}}\ssrC{->} {\optsep} \optional{\ssrN{occ-switch}}\ssrC{<-} {\optsep} \\ - && \ssrC{[} \ssrN[1]{i-item}$^*$ \ssrC{|} $\dots$ \ssrC{|} \ssrN[m]{i-item}$^*$ \ssrC{]} {\optsep} \ssrC{-} {\optsep} \ssrC{[:} \ssrN{ident}$^+$ \ssrC{]} -\end{longtable} - -The `\ssrC{=>}' tactical first executes {\tac}, then the -\ssrN{i-item}s, left to right, i.e., starting from $\ssrN[1]{i-item}$. An -\ssrN{s-item} specifies a simplification operation; a $\ssrN{clear -switch}$ specifies context pruning as in~\ref{ssec:discharge}. The -\ssrN{i-pattern}s can be seen as a variant of \emph{intro patterns}~\ref{intros-pattern}: -each performs an introduction operation, i.e., pops some variables or -assumptions from the goal. - -An \ssrN{s-item} can simplify the set of subgoals or the subgoal themselves: -\begin{itemize} -\item \ssrC{//} removes all the ``trivial'' subgoals that can be resolved by - the \ssr{} tactic \ssrC{done} described in~\ref{ssec:termin}, i.e., it - executes \ssrC{try done}. -\item \ssrC{/=} simplifies the goal by performing partial evaluation, as - per the tactic \ssrC{simpl}.\footnote{Except \ssrC{/=} does not - expand the local definitions created by the \ssr{} \ssrC{in} tactical.} -\item \ssrC{//=} combines both kinds of simplification; it is equivalent - to \ssrC{/= //}, i.e., \ssrC{simpl; try done}. -\end{itemize} -When an \ssrN{s-item} bears a \ssrN{clear-switch}, then the \ssrN{clear-switch} is -executed \emph{after} the \ssrN{s-item}, e.g., \ssrL|{IHn}//| will solve -some subgoals, possibly using the fact \ssrL|IHn|, and will erase \ssrL|IHn| -from the context of the remaining subgoals. - -The last entry in the \ssrN{i-item} grammar rule, \ssrC{/}{\term}, -represents a view (see section~\ref{sec:views}). If $\ssrN[k+1]{i-item}$ -is a view \ssrN{i-item}, the view is applied to the assumption in top -position once $\ssrN[1]{i-item} \dots \ssrN[k]{i-item}$ have been performed. - -The view is applied to the top assumption. - -\ssr{} supports the following \ssrN{i-pattern}s: -\begin{itemize} -\item \ssrN{ident} pops the top variable, assumption, or local definition into - a new constant, fact, or defined constant \ssrN{ident}, respectively. - Note that defined constants cannot be introduced when - $\delta$-expansion is required to expose the top variable or assumption. -\item \ssrC{?} pops the top variable into an anonymous constant or fact, - whose name is picked by the tactic interpreter. - \ssr{} only generates names that - cannot appear later in the user script.\footnote{\ssr{} reserves - all identifiers of the form ``\ssrC{_x_}'', which is used for such - generated names.} -\item \ssrC{_} pops the top variable into an anonymous constant that will be - deleted from - the proof context of all the subgoals produced by the \ssrC{=>} tactical. - They should thus never be displayed, except in an error message - if the constant is still actually used in the goal or context after - the last \ssrN{i-item} has been executed (\ssrN{s-item}s can erase goals - or terms where the constant appears). -\item \ssrC{*} pops all the remaining apparent variables/assumptions - as anonymous constants/facts. Unlike \ssrC{?} and \ssrC{move} the \ssrC{*} - \ssrN{i-item} does not expand definitions in the goal to expose - quantifiers, so it may be useful to repeat a \ssrC{move=> *} tactic, - e.g., on the goal -\begin{lstlisting} - forall a b : bool, a <> b -\end{lstlisting} -a first \ssrC{move=> *} adds only \ssrC{_a_ : bool} and \ssrC{_b_ : bool} to -the context; it takes a second \ssrC{move=> *} to add -\ssrC{_Hyp_ : _a_ = _b_}. -\item $[\ssrN{occ-switch}]$\ssrC{->} (resp. $[\ssrN{occ-switch}]$\ssrC{<-}) - pops the top assumption - (which should be a rewritable proposition) into an anonymous fact, - rewrites (resp. rewrites right to left) the goal with this fact - (using the \ssr{} \ssrC{rewrite} tactic described in section~\ref{sec:rw}, - and honoring the optional occurrence selector), - and finally deletes the anonymous fact from the context. -\item\ssrC{[ $\ssrN[1]{i-item}^*$ | $\dots$ | $\ssrN[m]{i-item}^*$ ]}, - when it is the very \emph{first} \ssrN{i-pattern} after ${\tac}\;\ssrC{=>}$ - tactical \emph{and} {\tac} is not a \ssrC{move}, is a \emph{branching} - \ssrN{i-pattern}. It executes - the sequence $\ssrN[i]{i-item}^*$ on the $i^{\rm th}$ - subgoal produced by {\tac}. The execution of {\tac} - should thus generate exactly $m$ - subgoals, unless the \ssrC{[$\dots$]} \ssrN{i-pattern} comes after an initial - \ssrC{//} or \ssrC{//=} \ssrN{s-item} that closes some of the goals produced by - {\tac}, in which case exactly $m$ subgoals should remain after the - \ssrN{s-item}, or we have the trivial branching \ssrN{i-pattern} \ssrC{[]}, - which always does nothing, regardless of the number of remaining subgoals. -\item\ssrC{[ $\ssrN[1]{i-item}^*$ | $\dots$ | $\ssrN[m]{i-item}^*$ ]}, when it is - \emph{not} the first \ssrN{i-pattern} or when {\tac} is a - \ssrC{move}, is a \emph{destructing} \ssrN{i-pattern}. It starts by - destructing the top variable, using the \ssr{} \ssrC{case} tactic - described in~\ref{ssec:basictac}. It then behaves as the - corresponding branching \ssrN{i-pattern}, executing the sequence - $\ssrN[i]{i-item}^*$ in the $i^{\rm th}$ subgoal generated by the case - analysis; unless we have the trivial destructing \ssrN{i-pattern} - \ssrC{[]}, the latter should generate exactly $m$ subgoals, i.e., the - top variable should have an inductive type with exactly $m$ - constructors.\footnote{More precisely, it should have a quantified - inductive type with $a$ assumptions and $m - a$ constructors.} - While it is good style to use the $\ssrN[i]{i-item}^*$ - to pop the variables and assumptions corresponding to each constructor, - this is not enforced by \ssr{}. -\item\ssrC{-} does nothing, but counts as an intro pattern. It can also - be used to force the interpretation of - \ssrC{[ $\ssrN[1]{i-item}^*$ | $\dots$ | $\ssrN[m]{i-item}^*$ ]} - as a case analysis like in \ssrC{move=> -[H1 H2]}. It can also be used - to indicate explicitly the link between a view and a name like in - \ssrC{move=> /eqP-H1}. Last, it can serve as a separator between - views. Section~\ref{ssec:multiview} explains in which respect - the tactic \ssrC{move=> /v1/v2} differs from the tactic - \ssrC{move=> /v1-/v2}. -\item\ssrC{[: $\ssrN{ident}^+$ ]} introduces in the context an abstract constant - for each \ssrN{ident}. Its type has to be fixed later on by using - the \ssrC{abstract} tactic (see page~\pageref{ssec:abstract}). Before then - the type displayed is \ssrC{<hidden>}.\label{ssec:introabstract} -\end{itemize} -Note that \ssr{} does not support the syntax -$\ssrC{(}\ssrN{ipat}\ssrC{,}\dots\ssrC{,}\ssrN{ipat}\ssrC{)}$ for destructing -intro-patterns. - -Clears are deferred until the end of the intro pattern. For -example, given the goal: -\begin{lstlisting} -x, y : nat -================== -0 < x = true -> (0 < x) && (y < 2) = true -\end{lstlisting} -the tactic \ssrC{move=> \{x\} ->} successfully rewrites the goal and -deletes \ssrC{x} and the anonymous equation. The goal is thus turned into: -\begin{lstlisting} -y : nat -================== -true && (y < 2) = true -\end{lstlisting} -If the cleared names are reused in the same intro pattern, a renaming -is performed behind the scenes. - -Facts mentioned in a clear switch must be valid -names in the proof context (excluding the section context). - -The rules for interpreting branching and destructing \ssrN{i-pattern} -are motivated by the fact that it would be pointless to have a branching -pattern if {\tac} is a \ssrC{move}, and in most of the remaining cases -{\tac} is \ssrC{case} or \ssrC{elim}, which implies destruction. -The rules above imply that -\begin{lstlisting} - move=> [a b]. - case=> [a b]. - case=> a b. -\end{lstlisting} -are all equivalent, so which one to use is a matter of style; -\ssrC{move} should be used for casual decomposition, -such as splitting a pair, and \ssrC{case} should be used for actual decompositions, -in particular for type families (see~\ref{ssec:typefam}) -and proof by contradiction. - -The trivial branching \ssrN{i-pattern} can be used to force the branching -interpretation, e.g., -\begin{lstlisting} - case=> [] [a b] c. - move=> [[a b] c]. - case; case=> a b c. -\end{lstlisting} -are all equivalent. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Generation of equations}\label{ssec:equations} -\idx{move eq : \dots{}} - -The generation of named equations option stores the definition of a -new constant as an equation. The tactic: -\begin{lstlisting} - move En: (size l) => n. -\end{lstlisting} -where \ssrC{l} is a list, replaces \ssrC{size l} by \ssrC{n} in the goal and -adds the fact \ssrC{En : size l = n} to the context. - This is quite different from: -\begin{lstlisting} - pose n := (size l). -\end{lstlisting} -which generates a definition \ssrC{n := (size l)}. It is not possible to -generalize or -rewrite such a definition; on the other hand, it is automatically -expanded during -computation, whereas expanding the equation \ssrC{En} requires explicit -rewriting. - -The use of this equation name generation option with a \ssrC{case} or an -\ssrC{elim} tactic changes the status of the first \iitem{}, in order to -deal with the possible parameters of the constants introduced. - -On the -goal \ssrC{a <> b} where \ssrC{a, b} are natural numbers, the tactic: -\begin{lstlisting} - case E : a => [|n]. -\end{lstlisting} -generates two subgoals. The equation \ssrC{E : a = 0} (resp. \ssrC{E : a = - S n}, and the constant \ssrC{n : nat}) has been added to -the context of the goal \ssrC{0 <> b} (resp. \ssrC{S n <> b}). - -If the user does not provide a branching \iitem{} as first \iitem{}, -or if the \iitem{} does not provide enough names for the arguments of -a constructor, -then the constants generated are introduced under fresh \ssr{} names. -For instance, on the goal \ssrC{a <> b}, the tactic: -\begin{lstlisting} - case E : a => H. -\end{lstlisting} -also generates two subgoals, both requiring a proof of \ssrC{False}. - The hypotheses \ssrC{E : a = 0} and -\ssrC{H : 0 = b} (resp. \ssrC{E : a = S _n_} and -\ssrC{H : S _n_ = b}) have been added to the context of the first -subgoal (resp. the second subgoal). - -Combining the generation of named equations mechanism with the -\ssrC{case} tactic strengthens the power of a case analysis. On the other -hand, when combined with the \ssrC{elim} tactic, this feature is mostly -useful for -debug purposes, to trace the values of decomposed parameters and -pinpoint failing branches. - -% This feature is also useful -% to analyse and debug generate-and-test style scripts that prove program -% properties by generating a large set of input patterns and uniformly -% solving the corresponding subgoals by computation and rewriting, e.g, - -% \begin{lstlisting} -% case: et => [|e' et]; first by case: s. -% case: e => //; case: b; case: w. -% \end{lstlisting} -% If the above sequence fails, then it's easy enough to replace the line -% above with -% \begin{lstlisting} -% case: et => [|e' et]. -% case Ds: s; case De: e => //; case Db: b; case Dw: w=> [|s' w'] //=. -% \end{lstlisting} -% Then the first subgoal that appears will be the failing one, and the -% equations \ssrC{Ds}, \ssrC{De}, \ssrC{Db} -% and \ssrC{Dw} will pinpoint its branch. When the constructors of -% the decomposed type have arguments (like \ssrC{w : (seq nat)} -% above) these need to be -% introduced in order to generate the equation, so there should -% always be an explicit \iitem{} (\ssrC{\[|s' w'\]} above) that -% assigns names to these arguments. If this \iitem{} -% is omitted the arguments are introduced with default -% name; this -% feature should be -% avoided except for quick debugging runs (it has some uses in complex tactic -% sequences, however). - - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Type families}\label{ssec:typefam} -\idx{case: \dots{} / \dots{}} - -When the top assumption of a goal has an inductive type, two -specific operations are possible: the case analysis performed by the -\ssrC{case} tactic, and the application of an induction principle, -performed by the \ssrC{elim} tactic. When this top assumption has an -inductive type, which is moreover an instance of a type family, \Coq{} -may need help from the user to specify which occurrences of the parameters -of the type should be substituted. - -A specific \ssrC{/} switch indicates the type family parameters of the -type of a \ditem{} immediately following this \ssrC{/} switch, using the -syntax: - -\begin{center} - \ssrC{[} \ssrC{case} {\optsep} \ssrC{elim} \ssrC{]:} \ssrN{d-item}$^+$ \ssrC{/} \ssrN{d-item}$^*$ -\end{center} - -The \ssrN{d-item}s on the right side of the \ssrC{/} switch are discharged -as described in section \ref{ssec:discharge}. The case analysis or -elimination will be done on the type of the top assumption after these -discharge operations. - -Every \ssrN{d-item} preceding the \ssrC{/} is interpreted as arguments of this -type, which should be an instance of an inductive type family. These terms are -not actually generalized, but rather selected for substitution. Occurrence -switches can be used to restrict the substitution. If a {\term} is left -completely implicit (e.g. writing just $\ssrC{\_}$), then a pattern is inferred -looking at the type of the top assumption. This allows for the compact syntax -\ssrC{case: \{2\}\_ / eqP}, were \ssrC{\_} is interpreted as \ssrC{(\_ == \_)}. Moreover -if the \ssrN{d-item}s list is too short, it is padded with an initial -sequence of $\ssrC{\_}$ of the right length. - -Here is a small example on lists. We define first a function which -adds an element at the end of a given list. -\begin{lstlisting} - Require Import List. - - Section LastCases. - Variable A : Type. - - Fixpoint |*add_last*|(a : A)(l : list A): list A := - match l with - |nil => a :: nil - |hd :: tl => hd :: (add_last a tl) - end. -\end{lstlisting} -Then we define an inductive predicate for -case analysis on lists according to their last element: -\begin{lstlisting} - Inductive |*last_spec*| : list A -> Type := - | LastSeq0 : last_spec nil - | LastAdd s x : last_spec (add_last x s). - - Theorem |*lastP*| : forall l : list A, last_spec l. -\end{lstlisting} -Applied to the goal: -\begin{lstlisting} - Goal forall l : list A, (length l) * 2 = length (app l l). -\end{lstlisting} -the command: -\begin{lstlisting} - move=> l; case: (lastP l). -\end{lstlisting} -generates two subgoals: -\begin{lstlisting} - length nil * 2 = length (nil ++ nil) -\end{lstlisting} -and -\begin{lstlisting} - forall (s : list A) (x : A), - length (add_last x s) * 2 = length (add_last x s ++ add_last x s) -\end{lstlisting} -both having \ssrC{l : list A} in their context. - -Applied to the same goal, the command: -\begin{lstlisting} - move=> l; case: l / (lastP l). -\end{lstlisting} -generates the same subgoals but \ssrC{l} has been cleared from both -contexts. - -Again applied to the same goal, the command: -\begin{lstlisting} - move=> l; case: {1 3}l / (lastP l). -\end{lstlisting} -generates the subgoals \ssrL-length l * 2 = length (nil ++ l)- and -\ssrL-forall (s : list A) (x : A), length l * 2 = length (add_last x s++l)- -where the selected occurrences on the left of the \ssrC{/} switch have -been substituted with \ssrC{l} instead of being affected by the case -analysis. - -The equation name generation feature combined with a type family \ssrC{/} - switch generates an equation for the \emph{first} dependent d-item -specified by the user. -Again starting with the above goal, the command: -\begin{lstlisting} - move=> l; case E: {1 3}l / (lastP l)=>[|s x]. -\end{lstlisting} -adds \ssrC{E : l = nil} and \ssrC{E : l = add_last x s}, -respectively, to the context of the two subgoals it generates. - -There must be at least one \emph{d-item} to the left of the \ssrC{/} -switch; this prevents any -confusion with the view feature. However, the \ditem{}s to the right of -the \ssrC{/} are optional, and if they are omitted the first assumption -provides the instance of the type family. - -The equation always refers to the first \emph{d-item} in the actual -tactic call, before any padding with initial $\ssrC{\_}$s. Thus, if an -inductive type has two family parameters, it is possible to have -\ssr{} generate an equation for the second one by omitting the pattern -for the first; note however that this will fail if the type of the -second parameter depends on the value of the first parameter. -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\section{Control flow} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Indentation and bullets}\label{ssec:indent} - -A linear development of \Coq{} scripts gives little information on -the structure of the proof. In addition, replaying a proof after some -changes in the statement to be proved will usually not display information to -distinguish between the various branches of case analysis for instance. - -To help the user in this organization of the proof script at -development time, \ssr{} provides some bullets to highlight the -structure of branching proofs. The available bullets are \ssrC{-}, -\ssrC{+} and \ssrC{*}. Combined with tabulation, this lets us highlight four -nested levels of branching; the most we have ever -needed is three. Indeed, the use of ``simpl and closing'' switches, of -terminators (see above section \ref{ssec:termin}) and selectors (see - section \ref{ssec:select}) is powerful enough -to avoid most of the time more than two levels of indentation. - -Here is a fragment of such a structured script: - -\begin{lstlisting} -case E1: (abezoutn _ _) => [[| k1] [| k2]]. -- rewrite !muln0 !gexpn0 mulg1 => H1. - move/eqP: (sym_equal F0); rewrite -H1 orderg1 eqn_mul1. - by case/andP; move/eqP. -- rewrite muln0 gexpn0 mulg1 => H1. - have F1: t %| t * S k2.+1 - 1. - apply: (@dvdn_trans (orderg x)); first by rewrite F0; exact: dvdn_mull. - rewrite orderg_dvd; apply/eqP; apply: (mulgI x). - rewrite -{1}(gexpn1 x) mulg1 gexpn_add leq_add_sub //. - by move: P1; case t. - rewrite dvdn_subr in F1; last by exact: dvdn_mulr. - + rewrite H1 F0 -{2}(muln1 (p ^ l)); congr (_ * _). - by apply/eqP; rewrite -dvdn1. - + by move: P1; case: (t) => [| [| s1]]. -- rewrite muln0 gexpn0 mul1g => H1. -... -\end{lstlisting} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Terminators}\label{ssec:termin} -\idx{by \dots{}} - -To further structure scripts, \ssr{} -supplies \emph{terminating} tacticals to explicitly close off tactics. -When replaying scripts, we then have the nice property that -an error immediately occurs when a closed tactic fails to prove its -subgoal. - -It is hence recommended practice that the proof of any subgoal should -end with a tactic which \emph{fails if it does not solve the current - goal}, like \ssrC{discriminate}, \ssrC{contradiction} or \ssrC{assumption}. - -In fact, \ssr{} provides a generic tactical which turns any tactic into -a closing one (similar to \ssrC{now}). Its general syntax is: - -\begin{center} - \ssrC{by} {\tac}\ssrC{.} -\end{center} - -The Ltac expression: - -\begin{center} - \ssrC{by [}\ssrN[1]{tactic} \ssrC{| [}\ssrN[2]{tactic} \ssrC{| ...].} -\end{center} - -is equivalent to: - -\begin{center} - \ssrC{[by} \ssrN[1]{tactic} \ssrC{| by} \ssrN[2]{tactic} \ssrC{| ...].} -\end{center} - -and this form should be preferred to the former. - -In the script provided as example in section \ref{ssec:indent}, the -paragraph corresponding to each sub-case ends with a tactic line prefixed -with a \ssrC{by}, like in: - -\begin{center} - \ssrC{by apply/eqP; rewrite -dvdn1.} -\end{center} - - -The \ssrC{by} tactical is implemented using the user-defined, -and extensible \ssrC{done} tactic. This \ssrC{done} tactic tries to solve -the current goal by some trivial means and fails if it doesn't succeed. -Indeed, the tactic expression: - -\begin{center} - \ssrC{by} {\tac}\ssrC{.} -\end{center} - -is equivalent to: - -\begin{center} - {\tac}\ssrC{; done.} -\end{center} - -Conversely, the tactic - -\begin{center} - \ssrC{by [ ].} -\end{center} - -is equivalent to: - -\begin{center} - \ssrC{done.} -\end{center} - -The default implementation of the \ssrC{done} tactic, in the {\tt - ssreflect.v} file, is: - -\begin{lstlisting} -Ltac done := - trivial; hnf; intros; solve - [ do ![solve [trivial | apply: sym_equal; trivial] - | discriminate | contradiction | split] - | case not_locked_false_eq_true; assumption - | match goal with H : ~ _ |- _ => solve [case H; trivial] end ]. -\end{lstlisting} - -The lemma \ssrC{|*not_locked_false_eq_true*|} is needed to discriminate -\emph{locked} boolean predicates (see section \ref{ssec:lock}). -The iterator tactical \ssrC{do} is presented in section -\ref{ssec:iter}. -This tactic can be customized by the user, for instance to include an -\ssrC{auto} tactic. - -A natural and common way of closing a goal is to apply a lemma which -is the \ssrC{exact} one needed for the goal to be solved. The defective -form of the tactic: -\begin{lstlisting} - exact. -\end{lstlisting} -is equivalent to: -\begin{lstlisting} - do [done | by move=> top; apply top]. -\end{lstlisting} -where \ssrC{top} is a fresh name affected to the top assumption of the goal. -This applied form is supported by the \ssrC{:} discharge tactical, and -the tactic: -\begin{lstlisting} - exact: MyLemma. -\end{lstlisting} -is equivalent to: -\begin{lstlisting} - by apply: MyLemma. -\end{lstlisting} -(see section \ref{sss:strongapply} for the documentation of the \ssrC{apply:} -combination). - -\textit{Warning} The list of tactics, possibly chained by -semi-columns, that follows a \ssrC{by} keyword is considered as a -parenthesized block -applied to the current goal. Hence for example if the tactic: -\begin{lstlisting} - by rewrite my_lemma1. -\end{lstlisting} -succeeds, then the tactic: -\begin{lstlisting} - by rewrite my_lemma1; apply my_lemma2. -\end{lstlisting} -usually fails since it is equivalent to: -\begin{lstlisting} - by (rewrite my_lemma1; apply my_lemma2). -\end{lstlisting} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Selectors}\label{ssec:select} -\idx{last \dots{} first} -\idx{first \dots{} last} - -When composing tactics, the two tacticals \ssrC{first} and -\ssrC{last} let the user restrict the application of a tactic to only one -of the subgoals generated by the previous tactic. This -covers the frequent cases where a tactic generates two subgoals one of -which can be easily disposed of. - -This is an other powerful way of linearization of scripts, since it -happens very often that a trivial subgoal can be solved in a less than -one line tactic. For instance, the tactic: - -\begin{center} - \ssrN[1]{tactic}\ssrC{; last by} \ssrN[2]{tactic}\ssrC{.} -\end{center} - -tries to solve the last subgoal generated by \ssrN[1]{tactic} using the -\ssrN[2]{tactic}, and fails if it does not succeeds. Its analogous - -\begin{center} - \ssrN[1]{tactic}\ssrC{; first by} \ssrN[2]{tactic}. -\end{center} - -tries to solve the first subgoal generated by \ssrN[1]{tactic} using the -tactic \ssrN[2]{tactic}, and fails if it does not succeeds. - - -\ssr{} also offers an extension of this facility, by supplying -tactics to \emph{permute} the subgoals generated by a tactic. -The tactic: - -\begin{center} - {\tac}\ssrC{; last first.} -\end{center} - -inverts the order of the subgoals generated by {\tac}. It is -equivalent to: - -\begin{center} - {\tac}\ssrC{; first last.} -\end{center} - - -More generally, the tactic: - -\begin{center} - {\tac}\ssrC{; last }${\naturalnumber}$ \ssrC{first.} -\end{center} - -where ${\naturalnumber}$ is -a \Coq{} numeral, or and Ltac variable denoting -a \Coq{} numeral, having the value $k$. It -rotates the $n$ subgoals $G_1, -\dots, G_n$ generated by {\tac}. The first subgoal becomes -$G_{n + 1 - k}$ and the circular order of subgoals remains unchanged. - -Conversely, the tactic: - - {\tac}\ssrC{; first }${\naturalnumber}$ \ssrC{last.} - -rotates the $n$ subgoals $G_1, -\dots, G_n$ generated by \ssrC{tactic} in order that the first subgoal -becomes $G_{k}$. - -Finally, the tactics \ssrC{last} and \ssrC{first} combine with the -branching syntax of Ltac: -if the tactic $\ssrN[0]{tactic}$ generates $n$ -subgoals on a given goal, then the tactic - - $tactic_0$\ssrC{; last }${\naturalnumber}$ \ssrC{[}$tactic_1$\ssrC{|}$\dots$\ssrC{|}$tactic_m$\ssrC{] || }$tactic_{m+1}$\ssrC{.} - -where ${\naturalnumber}$ denotes the integer $k$ as above, applies $tactic_1$ to the -$n -k + 1$-th goal, $\dots tactic_m$ to the $n -k + 2 - m$-th -goal and $tactic_{m+1}$ to the others. - -For instance, the script: -\begin{lstlisting} - Inductive test : nat -> Prop := - C1 : forall n, test n | C2 : forall n, test n | - C3 : forall n, test n | C4 : forall n, test n. - - Goal forall n, test n -> True. - move=> n t; case: t; last 2 [move=> k| move=> l]; idtac. -\end{lstlisting} - -creates a goal with four subgoals, the first and the last being -\ssrC{nat -> True}, the second and the third being \ssrC{True} with -respectively \ssrC{k : nat} and \ssrC{l : nat} in their context. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Iteration}\label{ssec:iter} -\idx{do \dots{} [ \dots{} ]} - -\ssr{} offers an accurate control on the repetition of -tactics, thanks to the \ssrC{do} tactical, whose general syntax is: - -\begin{center} - \ssrC{do} \optional{\ssrN{mult}} \ssrC{[} \ssrN[1]{tactic} \ssrC{|} $\dots$ \ssrC{|} \ssrN[n]{tactic} \ssrC{]} -\end{center} -where \ssrN{mult} is a \emph{multiplier}. - -Brackets can only be omitted if a single tactic is given \emph{and} a -multiplier is present. - -A tactic of the form: - -\begin{center} - \ssrC{do [} \tac$_1$ \ssrC{|} $\dots$ \ssrC{|} \tac$_n$\ssrC{].} -\end{center} - -is equivalent to the standard Ltac expression: - -\begin{center} - \ssrC{first [} \tac$_1$ \ssrC{|} $\dots$ \ssrC{|} \tac$_n$\ssrC{].} -\end{center} - - -The optional multiplier \ssrN{mult} specifies how many times -the action of {\tac} should be repeated on the current subgoal. - -There are four kinds of multipliers: - \begin{itemize} - \item \ssrC{n!}: the step {\tac} is repeated exactly $n$ times - (where $n$ is a positive integer argument). - \item \ssrC{!}: the step {\tac} is repeated as many times as possible, - and done at least once. - \item \ssrC{?}: the step {\tac} is repeated as many times as possible, - optionally. - \item \ssrC{n?}: the step {\tac} is repeated up to $n$ times, - optionally. - \end{itemize} - -For instance, the tactic: - -\begin{center} - {\tac} \ssrL+; do 1?rewrite mult_comm.+ -\end{center} - -rewrites at most one time the lemma \ssrC{mult_com} in all the subgoals -generated by {\tac} , whereas the tactic: - -\begin{center} - {\tac} \ssrL+; do 2!rewrite mult_comm.+ -\end{center} - -rewrites exactly two times the lemma \ssrC{mult_com} in all the subgoals -generated by {\tac}, and fails if this rewrite is not possible -in some subgoal. - -Note that the combination of multipliers and \ssrC{rewrite} is so often -used that multipliers are in fact integrated to the syntax of the \ssr{} -\ssrC{rewrite} tactic, see section \ref{sec:rw}. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Localization}\label{ssec:gloc} -\idx{\dots{} in \dots{}} - -In sections \ref{ssec:loc} and \ref{ssec:profstack}, we have already -presented the \emph{localization} tactical \ssrC{in}, whose general -syntax is: -\begin{center} - {\tac} \ssrC{in} \ssrN{ident}$^+$ \optional{\ssrC{*}} -\end{center} - -where \ssrN{ident}$^+$ is a non empty list of fact -names in the context. On the left side of \ssrC{in}, {\tac} can be -\ssrC{move}, \ssrC{case}, \ssrC{elim}, \ssrC{rewrite}, \ssrC{set}, - or any tactic formed with the general iteration tactical \ssrC{do} (see - section \ref{ssec:iter}). - -The operation described by {\tac} is performed in the facts -listed in \ssrN{ident}$^+$ and in the goal if a \ssrC{*} ends -the list. - -The \ssrC{in} tactical successively: -\begin{itemize} -\item generalizes the selected hypotheses, possibly ``protecting'' the - goal if \ssrC{*} is not present, -\item performs {\tac}, on the obtained goal, -\item reintroduces the generalized facts, under the same names. -\end{itemize} - -This defective form of the \ssrC{do} tactical is useful to avoid clashes -between standard Ltac \ssrC{in} and the \ssr{} tactical \ssrC{in}. -For example, in the following script: -\begin{lstlisting} - Ltac |*mytac*| H := rewrite H. - - Goal forall x y, x = y -> y = 3 -> x + y = 6. - move=> x y H1 H2. - do [mytac H2] in H1 *. -\end{lstlisting} -the last tactic rewrites the hypothesis \ssrC{H2 : y = 3} both in -\ssrC{H1 : x = y} and in the goal \ssrC{x + y = 6}. - -By default \ssrC{in} keeps the body of local definitions. To erase -the body of a local definition during the generalization phase, -the name of the local definition must be written between parentheses, -like in \ssrC{rewrite H in H1 (def_n) $\;\;$H2}. - -From \ssr{} 1.5 the grammar for the \ssrC{in} tactical has been extended -to the following one: - -\begin{center} - {\tac} \ssrC{in} \optional{ - \ssrN{clear-switch} {\optsep} - \optional{\ssrC{@}}\ssrN{ident} {\optsep} - \ssrC{(}\ssrN{ident}\ssrC{)} {\optsep} - \ssrC{(}\optional{\ssrC{@}}\ssrN{ident} \ssrC{:=} \ssrN{c-pattern}\ssrC{)} - }$^+$ \optional{\ssrC{*}} -\end{center} - -In its simplest form the last option lets one rename hypotheses that can't be -cleared (like section variables). For example \ssrC{(y := x)} generalizes -over \ssrC{x} and reintroduces the generalized -variable under the name \ssrC{y} (and does not clear \ssrC{x}).\\ -For a more precise description the $\ssrC{(}[\ssrC{@}]\ssrN{ident}\ \ssrC{:=}\ \ssrN{c-pattern}\ssrC{)}$ -item refer to the ``Advanced generalization'' paragraph at page~\pageref{par:advancedgen}. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Structure}\label{ssec:struct} - -Forward reasoning structures the script by explicitly specifying some -assumptions to be added to the proof context. It is closely associated -with the declarative style of proof, since an extensive use of these -highlighted statements -make the script closer to a (very detailed) text book proof. - -Forward chaining tactics allow to state an intermediate lemma and start a -piece of script dedicated to the proof of this statement. The use of -closing tactics (see section \ref{ssec:termin}) and of -indentation makes syntactically explicit the portion of the script -building the proof of the intermediate statement. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{The \ssrC{have} tactic.} -\label{sssec:have} -\idx{have: \dots{}} -\idx{have: \dots{} := \dots{}} - -The main \ssr{} forward reasoning tactic is the \ssrC{have} tactic. It -can be use in two modes: one starts a new (sub)proof for an -intermediate result in the main proof, and the other -provides explicitly a proof term for this intermediate step. - -In the first mode, the syntax of \ssrC{have} in its defective form is: - - \ssrC{have: }{\term}\ssrC{.} - -This tactic supports open syntax for {\term}. -Applied to a goal \ssrC{G}, it generates a first subgoal requiring a -proof of {\term} in the context of \ssrC{G}. The second generated -subgoal is of the form {\term} \ssrC{-> G}, where {\term} becomes -the new top assumption, instead of being introduced with a fresh -name. At the proof-term level, the \ssrC{have} tactic creates a $\beta$ -redex, and introduces the lemma under a fresh name, automatically -chosen. - - -Like in the case of the \ssrC{pose} tactic (see section \ref{ssec:pose}), -the types of the holes are abstracted in {\term}. -For instance, the tactic: -\begin{lstlisting} - have: _ * 0 = 0. -\end{lstlisting} -is equivalent to: -\begin{lstlisting} - have: forall n : nat, n * 0 = 0. -\end{lstlisting} -The \ssrC{have} tactic also enjoys the same abstraction mechanism as the -\ssrC{pose} tactic for the non-inferred implicit arguments. For instance, -the tactic: -\begin{lstlisting} - have: forall x y, (x, y) = (x, y + 0). -\end{lstlisting} -opens a new subgoal to prove that: - -\noindent\ssrC{forall (T : Type) (x : T) (y : nat), (x, y) = (x, y + 0)} - - -The behavior of the defective \ssrC{have} tactic makes it possible to -generalize it in the -following general construction: -\begin{center} - \ssrC{have} \ssrN{i-item}$^*$ \optional{\ssrN{i-pattern}} - \optional{\ssrN{s-item} {\optsep} \ssrN{binder}$^+$} - \optional{\ssrC{:} \ssrN[1]{term}} - \optional{\ssrC{:=} \ssrN[2]{term} {\optsep} \ssrC{by} {\tac}} -\end{center} - -Open syntax is supported for $\ssrN[1]{term}$ and $\ssrN[2]{term}$. For the -description of -\iitem{}s and clear switches see section \ref{ssec:intro}. -The first mode of the \ssrC{have} tactic, which opens a sub-proof for an -intermediate result, uses tactics of the form: - -\begin{center} - \ssrC{have} \ssrN{clear-switch} \ssrN{i-item} \ssrC{:} {\term} \ssrC{by} {\tac}. -\end{center} - -which behave like:\\ - -\begin{center} - \ssrC{have:} {\term} \ssrC{; first by } {\tac}. -\end{center} -\begin{center} - \ssrC{ move=>} \ssrN{clear-switch} \ssrN{i-item}. -\end{center} - - -Note that the \ssrN{clear-switch} \emph{precedes} the -\ssrN{i-item}, which allows to reuse a name of the context, possibly used -by the proof of the assumption, to introduce the new assumption -itself. - -The \ssrC{by} feature is especially convenient when the proof script of the -statement is very short, basically when it fits in one line like in: -\begin{lstlisting} - have H : forall x y, x + y = y + x by move=> x y; rewrite addnC. -\end{lstlisting} - -The possibility of using \iitem{}s supplies a very concise -syntax for the further use of the intermediate step. For instance, -\begin{lstlisting} - have -> : forall x, x * a = a. -\end{lstlisting} -on a goal \ssrC{G}, opens a new subgoal asking for a proof of -\ssrC{forall x, x * a = a}, and a second subgoal in which the lemma - \ssrC{forall x, x * a = a} has been rewritten in the goal \ssrC{G}. Note - that in this last subgoal, the intermediate result does not appear in - the context. -Note that, thanks to the deferred execution of clears, the following -idiom is supported (assuming \ssrC{x} occurs in the goal only): -\begin{lstlisting} - have {x} -> : x = y -\end{lstlisting} - -An other frequent use of the intro patterns combined with \ssrC{have} is the -destruction of existential assumptions like in the tactic: -\begin{lstlisting} - have [x Px]: exists x : nat, x > 0. -\end{lstlisting} -which opens a new subgoal asking for a proof of \ssrC{exists x : nat, x > - 0} and a second subgoal in which the witness is introduced under -the name \ssrC{x : nat}, and its property under the name \ssrC{Px : x > 0}. - -An alternative use of the \ssrC{have} tactic is to provide the explicit proof -term for the intermediate lemma, using tactics of the form: - -\begin{center} - \ssrC{have} \optional{\ssrN{ident}} \ssrC{:=} {\term}. -\end{center} - -This tactic creates a new assumption of type the type of -{\term}. If the -optional \ssrN{ident} is present, this assumption is introduced under -the name \ssrN{ident}. Note that the body of the constant is lost for -the user. - -Again, non inferred implicit arguments and explicit holes are abstracted. For -instance, the tactic: -\begin{lstlisting} - have H := forall x, (x, x) = (x, x). -\end{lstlisting} -adds to the context \ssrC{H : Type -> Prop}. This is a schematic example but -the feature is specially useful when the proof term to give involves -for instance a lemma with some hidden implicit arguments. - -After the \ssrN{i-pattern}, a list of binders is allowed. -For example, if \ssrC{Pos_to_P} is a lemma that proves that -\ssrC{P} holds for any positive, the following command: -\begin{lstlisting} - have H x (y : nat) : 2 * x + y = x + x + y by auto. -\end{lstlisting} -will put in the context \ssrC{H : forall x, 2 * x = x + x}. A proof term -provided after \ssrC{:=} can mention these bound variables (that are -automatically introduced with the given names). -Since the \ssrN{i-pattern} can be omitted, to avoid ambiguity, bound variables -can be surrounded with parentheses even if no type is specified: -\begin{lstlisting} - have (x) : 2 * x = x + x by auto. -\end{lstlisting} - -The \ssrN{i-item}s and \ssrN{s-item} can be used to interpret the -asserted hypothesis with views (see section~\ref{sec:views}) or -simplify the resulting goals. - -The \ssrC{have} tactic also supports a \ssrC{suff} modifier which allows for -asserting that a given statement implies the current goal without -copying the goal itself. For example, given a goal \ssrC{G} the tactic -\ssrC{have suff H : P} results in the following two goals: -\begin{lstlisting} - |- P -> G - H : P -> G |- G -\end{lstlisting} -Note that \ssrC{H} is introduced in the second goal. The \ssrC{suff} -modifier is not compatible with the presence of a list of binders. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Generating \ssrC{let in} context entries with \ssrC{have}} -\label{sec:havetransparent} - -Since \ssr{} 1.5 the \ssrC{have} tactic supports a ``transparent'' modifier to -generate \ssrC{let in} context entries: the \ssrC{@} symbol in front of the context -entry name. For example: - -\begin{lstlisting} -have @i : 'I_n by apply: (Sub m); auto. -\end{lstlisting} -generates the following two context entry: -\begin{lstlisting} -i := Sub m proof_produced_by_auto : 'I_n -\end{lstlisting} - -Note that the sub-term produced by \ssrC{auto} is in general huge and -uninteresting, and hence one may want to hide it. - -For this purpose the \ssrC{[: name ]} intro pattern and the tactic -\ssrC{abstract} (see page~\pageref{ssec:abstract}) are provided. -Example: -\begin{lstlisting} -have [:blurb] @i : 'I_n by apply: (Sub m); abstract: blurb; auto. -\end{lstlisting} -generates the following two context entries: -\begin{lstlisting} -blurb : (m < n) (*1*) -i := Sub m blurb : 'I_n -\end{lstlisting} -The type of \ssrC{blurb} can be cleaned up by its annotations by just simplifying -it. The annotations are there for technical reasons only. - -When intro patterns for abstract constants are used in conjunction -with \ssrC{have} and an explicit term, they must be used as follows: - -\begin{lstlisting} -have [:blurb] @i : 'I_n := Sub m blurb. - by auto. -\end{lstlisting} - -In this case the abstract constant \ssrC{blurb} is assigned by using it -in the term that follows \ssrC{:=} and its corresponding goal is left to -be solved. Goals corresponding to intro patterns for abstract constants -are opened in the order in which the abstract constants are declared (not -in the ``order'' in which they are used in the term). - -Note that abstract constants do respect scopes. Hence, if a variable -is declared after their introduction, it has to be properly generalized (i.e. -explicitly passed to the abstract constant when one makes use of it). -For example any of the following two lines: -\begin{lstlisting} -have [:blurb] @i k : 'I_(n+k) by apply: (Sub m); abstract: blurb k; auto. -have [:blurb] @i k : 'I_(n+k) := apply: Sub m (blurb k); first by auto. -\end{lstlisting} -generates the following context: -\begin{lstlisting} -blurb : (forall k, m < n+k) (*1*) -i := fun k => Sub m (blurb k) : forall k, 'I_(n+k) -\end{lstlisting} - -Last, notice that the use of intro patterns for abstract constants is -orthogonal to the transparent flag \ssrC{@} for \ssrC{have}. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{The \ssrC{have} tactic and type classes resolution} -\label{ssec:havetcresolution} - -Since \ssr{} 1.5 the \ssrC{have} tactic behaves as follows with respect to type -classes inference. - -\begin{itemize} -\item \ssrC{have foo : ty.} - Full inference for \ssrC{ty}. - The first subgoal demands a proof of such instantiated statement. -\item \ssrC{have foo : ty := .} - No inference for \ssrC{ty}. Unresolved instances are quantified in - \ssrC{ty}. The first subgoal demands a proof of such quantified - statement. Note that no proof term follows \ssrC{:=}, hence two - subgoals are generated. -\item \ssrC{have foo : ty := t.} - No inference for \ssrC{ty} and \ssrC{t}. -\item \ssrC{have foo := t.} - No inference for \ssrC{t}. Unresolved instances are quantified in the - (inferred) type of \ssrC{t} and abstracted in \ssrC{t}. -\end{itemize} - -The behavior of \ssr{} 1.4 and below (never resolve type classes) -can be restored with the option \ssrC{Set SsrHave NoTCResolution}. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Variants: the \ssrC{suff} and \ssrC{wlog} tactics.} -\label{ssec:wlog} -\idx{suff: \dots{}} -\idx{suffices: \dots{}} -\idx{wlog: \dots{} / \dots{}} -\idx{without loss: \dots{} / \dots{}} - -As it is often the case in mathematical textbooks, forward -reasoning may be used in slightly different variants. -One of these variants is to show that the intermediate step $L$ -easily implies the initial goal $G$. By easily we mean here that -the proof of $L \Rightarrow G$ is shorter than the one of $L$ -itself. This kind of reasoning step usually starts with: -``It suffices to show that \dots''. - -This is such a frequent way of reasoning that \ssr{} has a variant of the -\ssrC{have} tactic called \ssrC{suffices} (whose abridged name is -\ssrC{suff}). The \ssrC{have} and \ssrC{suff} tactics are equivalent and -have the same syntax but: -\begin{itemize} -\item the order of the generated subgoals is inversed -\item but the optional clear item is still performed in the - \emph{second} branch. This means that the tactic: -\begin{lstlisting} - suff {H} H : forall x : nat, x >= 0. -\end{lstlisting} -fails if the context of the current goal indeed contains an -assumption named \ssrC{H}. -\end{itemize} -The rationale of this clearing policy is to make possible ``trivial'' -refinements of an assumption, without changing its name in the main -branch of the reasoning. - -The \ssrC{have} modifier can follow the \ssrC{suff} tactic. -For example, given a goal \ssrC{G} the tactic -\ssrC{suff have H : P} results in the following two goals: -\begin{lstlisting} - H : P |- G - |- (P -> G) -> G -\end{lstlisting} -Note that, in contrast with \ssrC{have suff}, the name \ssrC{H} has been introduced -in the first goal. - -Another useful construct is reduction, -showing that a particular case is in fact general enough to prove -a general property. This kind of reasoning step usually starts with: -``Without loss of generality, we can suppose that \dots''. -Formally, this corresponds to the proof of a goal \ssrC{G} by introducing -a cut \ssrN{wlog\_statement} \ssrC{-> G}. Hence the user shall provide a -proof for both \ssrC{(}\ssrN{wlog\_statement} \ssrC{-> G) -> G} and -\ssrN{wlog\_statement} \ssrC{-> G}. However, such cuts are usually rather -painful to perform by hand, because the statement -\ssrN{wlog\_statement} is tedious to write by hand, and somtimes even -to read. - -\ssr{} implements this kind of reasoning step through the \ssrC{without loss} -tactic, whose short name is \ssrC{wlog}. It offers support to describe -the shape of the cut statements, by providing the simplifying -hypothesis and by pointing at the elements of the initial goals which -should be generalized. The general syntax of \ssrC{without loss} is: - -\begin{center} - \ssrC{wlog} \optional{\ssrC{suff}} \optional{\ssrN{clear-switch}} \optional{\ssrN{i-item}} \ssrC{:} \optional{\ssrN[1]{ident} $\dots$ \ssrN[n]{ident}} \ssrC{/} {\term} -\end{center} - -where \ssrN[1]{ident} $\dots$ \ssrN[n]{ident} are identifiers for constants -in the context of the goal. Open syntax is supported for {\term}. - -In its defective form: - -\begin{center} - \ssrC{wlog: /} {\term}. -\end{center} - -on a goal \ssrC{G}, it creates two subgoals: a first one to prove the formula -\ssrC{(}{\term} \ssrC{-> G) -> G} and a second one to prove the formula -{\term} \ssrC{-> G}. - -:browse confirm wa -If the optional list \ssrN[1]{ident} $\dots$ \ssrN[n]{ident} is present on the left -side of \ssrC{/}, these constants are generalized in the premise -\ssrC{(}{\term} \ssrC{-> G)} of the first subgoal. By default the body of -local definitions is erased. This behavior can be inhibited -prefixing the name of the local definition with the \ssrC{@} character. - -In the second subgoal, the tactic: - -\begin{center} - \ssrC{move=>} \ssrN{clear-switch}\ssrC{} \ssrN{i-item}\ssrC{.} -\end{center} - -is performed if at least one of these optional switches is present in -the \ssrC{wlog} tactic. - -The \ssrC{wlog} tactic is specially useful when a symmetry argument -simplifies a proof. Here is an example showing the beginning of the -proof that quotient and reminder of natural number euclidean division -are unique. -\begin{lstlisting} - Lemma quo_rem_unicity: forall d q1 q2 r1 r2, - q1*d + r1 = q2*d + r2 -> r1 < d -> r2 < d -> (q1, r1) = (q2, r2). - move=> d q1 q2 r1 r2. - wlog: q1 q2 r1 r2 / q1 <= q2. - by case (le_gt_dec q1 q2)=> H; last symmetry; eauto with arith. -\end{lstlisting} - -The \ssrC{wlog suff} variant is simpler, since it cuts -\ssrN{wlog\_statement} instead of \ssrN{wlog\_statement} \ssrC{-> G}. It thus -opens the goals \ssrN{wlog\_statement} \ssrC{-> G} and \ssrN{wlog\_statement}. - -In its simplest form -the \ssrC{generally have :...} tactic -is equivalent to \ssrC{wlog suff :...} followed by \ssrC{last first}. -When the \ssrC{have} tactic -is used with the \ssrC{generally} (or \ssrC{gen}) modifier it accepts an -extra identifier followed by a comma before the usual intro pattern. -The identifier will name the new hypothesis in its more general form, -while the intro pattern will be used to process its instance. For example: -\begin{lstlisting} - Lemma simple n (ngt0 : 0 < n ) : P n. - gen have ltnV, /andP[nge0 neq0] : n ngt0 / (0 <= n) && (n != 0). -\end{lstlisting} -The first subgoal will be -\begin{lstlisting} - n : nat - ngt0 : 0 < n - ==================== - (0 <= n) && (n != 0) -\end{lstlisting} -while the second one will be -\begin{lstlisting} - n : nat - ltnV : forall n, 0 < n -> (0 <= n) && (n != 0) - nge0 : 0 <= n - neqn0 : n != 0 - ==================== - P n -\end{lstlisting} - -\paragraph{Advanced generalization}\label{par:advancedgen} -The complete syntax for the items on the left hand side of the \ssrC{/} -separator is the following one: -\begin{center} -\ssrN{clear-switch} {\optsep} \optional{\ssrC{@}} \ssrN{ident} {\optsep} \ssrC{(}\optional{\ssrC{@}}\ssrN{ident} \ssrC{:=} \ssrN{c-pattern}\ssrC{)} -\end{center} -Clear operations are intertwined with generalization operations. This -helps in particular avoiding dependency issues while generalizing some facts. - -\noindent -If an \ssrN{ident} is prefixed with the \ssrC{@} prefix mark, then a -let-in redex is created, which keeps track if its body (if any). The -syntax \ssrC{(}\ssrN{ident}\ssrC{:=}\ssrN{c-pattern}\ssrC{)} allows to -generalize an arbitrary term using a given name. Note that its simplest -form \ssrC{(x := y)} is just a renaming of \ssrC{y} into \ssrC{x}. In -particular, this can be useful in order to simulate the generalization -of a section variable, otherwise not allowed. Indeed renaming does not -require the original variable to be cleared. - - -\noindent -The syntax \ssrC{(@x := y)} generates a let-in abstraction but with the following -caveat: \ssrC{x} will not bind \ssrC{y}, but its body, whenever \ssrC{y} can be -unfolded. This cover the case of both local and global definitions, as -illustrated in the following example: - -\begin{lstlisting} -Section Test. -Variable x : nat. -Definition addx z := z + x. -Lemma test : x <= addx x. -wlog H : (y := x) (@twoy := addx x) / twoy = 2 * y. -\end{lstlisting} -\noindent -The first subgoal is: -\begin{lstlisting} - (forall y : nat, let twoy := y + y in twoy = 2 * y -> y <= twoy) -> - x <= addx x -\end{lstlisting} -\noindent -To avoid unfolding the term captured by the pattern \ssrC{add x} one -can use the pattern \ssrC{id (addx x)}, that would produce the following first -subgoal: -\begin{lstlisting} - (forall y : nat, let twoy := addx y in twoy = 2 * y -> y <= twoy) -> - x <= addx x -\end{lstlisting} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\section{Rewriting}\label{sec:rw} -\idx{rewrite \dots{}} - -The generalized use of reflection implies that most of the -intermediate results handled are properties of effectively computable -functions. The most efficient mean of establishing such results are -computation and simplification of expressions involving such -functions, i.e., rewriting. \ssr{} therefore includes an extended -\ssrC{rewrite} tactic, that unifies and combines most of the rewriting -functionalities. -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{An extended \ssrC{rewrite} tactic}\label{ssec:extrw} -The main features of the \ssrC{rewrite} tactic are: -\begin{itemize} -\item It can perform an entire series of such operations in any - subset of the goal and/or context; -\item It allows to perform rewriting, - simplifications, folding/unfolding of definitions, closing of goals; -\item Several rewriting operations can be chained in a single tactic; -\item Control over the occurrence at which rewriting is to be performed is - significantly enhanced. -\end{itemize} - - -The general form of an \ssr{} rewrite tactic is: - -\begin{center} - \ssrC{rewrite} \ssrN{rstep}$^+$\ssrC{.} -\end{center} - -The combination of a rewrite tactic with the \ssrC{in} tactical (see -section \ref{ssec:loc}) performs rewriting in both the context and the -goal. - -A rewrite step \ssrN{rstep} has the general form: - -\begin{center} - \optional{\ssrN{r-prefix}}\ssrN{r-item} -\end{center} - -where: - -\begin{longtable}{rcl} -\ssrN{r-prefix} & ::= & - \optional{\ssrC{-}} \optional{\ssrN{mult}} \optional{\ssrN{occ-switch} {\optsep} \ssrN{clear-switch}} \optional{\ssrC{[}\ssrN{r-pattern}\ssrC{]}}\\ -\ssrN{r-pattern} & ::= & -{\term} {\optsep} \ssrC{in} \optional{\ssrN{ident} \ssrC{in}} {\term} {\optsep} \optional{{\term} \ssrC{in} {\optsep} {\term} \ssrC{as} } \ssrN{ident} \ssrC{in} {\term}\\ -\ssrN{r-item} & ::= & -\optional{\ssrC{/}}{\term} {\optsep} \ssrN{s-item} \\ -\end{longtable} - - -% \begin{eqnarray*} -% \ssrN{r-prefix} & ::= & -% [\ssrC{-}]\ [\ssrN{mult}][\ssrN{occ-switch} | \ssrN{cl-item}][{\term}]\\ -% \ssrN{r-item} & ::= & -% [\ssrC{-}]{\term}\ |\ [\ssrC{-}]\ssrC{[}\ssrN[1]{term}\ssrC{]}\ssrC{/(}\ssrN[2]{term}\ssrC{)} \ |\ -% \ssrN{simpl switch} \ |\ \\ -% && \ssrN{eq-term} \ |\ \ssrC{(} \ssrN[1]{eq-term}\ssrC{,}\dots -% \ssrC{,}\ssrN[n]{eq-term} \ssrC{)} \ |\ \ssrC{(_ :}\ssrN{eq-term} \ssrC{)} -% \end{eqnarray*} - - -An \ssrN{r-prefix} contains annotations to qualify where and how the -rewrite operation should be performed: -\begin{itemize} -\item The optional initial \ssrC{-} indicates the direction of the rewriting - of \ssrN{r-item}: if present the direction is right-to-left and it is - left-to-right otherwise. -\item The multiplier \ssrN{mult} (see section \ref{ssec:iter}) - specifies if and how the rewrite operation should be repeated. -\item A rewrite operation matches the occurrences of a \emph{rewrite - pattern}, and replaces these occurrences by an other term, according - to the given \ssrN{r-item}. - The optional \emph{redex switch} $\ssrC{[}\ssrN{r-pattern}\ssrC{]}$, which - should always be surrounded by brackets, gives explicitly this - rewrite pattern. In its simplest form, it is a regular term. - If no explicit redex switch - is present the rewrite pattern to be matched is inferred from the - \ssrN{r-item}. -\item This optional {\term}, or - the \ssrN{r-item}, may be preceded by an - occurrence switch (see section \ref{ssec:select}) or a clear item - (see section \ref{ssec:discharge}), these two possibilities being - exclusive. An occurrence switch selects the occurrences of the - rewrite pattern which should be affected by the rewrite operation. -\end{itemize} - - -An \ssrN{r-item} can be: - - -\begin{itemize} -\item A \emph{simplification r-item}, represented by a - \ssrN{s-item} (see section \ref{ssec:intro}). -% In some cases, \ssrN{r-prefix}es are not supported. - Simplification operations are - intertwined with the possible other rewrite operations specified by - the list of r-items. -\item A \emph{folding/unfolding r-item}. The tactic: - - \ssrC{rewrite /}{\term} - -unfolds the head constant of \textit{term} in every occurrence of the -first matching of \textit{term} in the goal. In particular, if -\ssrC{my_def} is a (local or global) defined constant, the tactic: -\begin{lstlisting} - rewrite /my_def. -\end{lstlisting} -is analogous to: -\begin{lstlisting} - unfold my_def. -\end{lstlisting} -Conversely: -\begin{lstlisting} - rewrite -/my_def. -\end{lstlisting} -is equivalent to: -\begin{lstlisting} - fold my_def. -\end{lstlisting} -%\emph{Warning} The combination of redex switch with unfold -%\ssrN{r-item} is not yet implemented. - -When an unfold r-item is combined with a redex pattern, a conversion -operation is performed. A tactic of the form: - -\begin{center} - \ssrC{rewrite -[}\ssrN[1]{term}\ssrC{]/}\ssrN[2]{term}\ssrC{.} -\end{center} - -is equivalent to: - - -\begin{center} - \ssrC{change} \ssrN[1]{term} \ssrC{with} \ssrN[2]{term}\ssrC{.} -\end{center} - - -If \ssrN[2]{term} is a single constant and \ssrN[1]{term} head symbol -is not \ssrN[2]{term}, then the head symbol of \ssrN[1]{term} is -repeatedly unfolded until \ssrN[2]{term} appears. - -\begin{lstlisting} - Definition double x := x + x. - Definition ddouble x := double (double x). - Lemma ex1 x : ddouble x = 4 * x. - rewrite [ddouble _]/double. -\end{lstlisting} - -The resulting goal is: - -\begin{lstlisting} - double x + double x = 4 * x -\end{lstlisting} - -\emph{Warning} The \ssr{} terms containing holes are \emph{not} -typed as abstractions in this context. Hence the following script: -\begin{lstlisting} - Definition f := fun x y => x + y. - Goal forall x y, x + y = f y x. - move=> x y. - rewrite -[f y]/(y + _). -\end{lstlisting} -raises the error message -\begin{verbatim} - User error: fold pattern (y + _) does not match redex (f y) -\end{verbatim} -but the script obtained by replacing the last line with: -\begin{lstlisting} - rewrite -[f y x]/(y + _). -\end{lstlisting} -is valid. - - -\item A term, which can be: - \begin{itemize} - \item A term whose type has the form: - $$\ssrC{forall}\ (x_1\ :\ A_1)\dots(x_n\ :\ A_n),\ eq\ term_1\ term_2$$ - where $eq$ is the Leibniz equality or a registered setoid - equality. %In the case of setoid relations, the only supported - %r-prefix is the directional \ssrC{-}. - \item A list of terms $(t_1,\dots,t_n)$, each $t_i$ having a type of the - form: $$\ssrC{forall}\ (x_1\ :\ A_1)\dots(x_n\ :\ A_n),\ eq\ term_1\ term_2$$ where - $eq$ is the Leibniz equality or a registered setoid - equality. The tactic: - - \centerline{\ssrC{rewrite} \ssrN{r-prefix}\ssrC{(}$t_1$\ssrC{,}$\dots$\ssrC{,}$t_n$\ssrC{).}} - - is equivalent to: - - \centerline{\ssrC{do [rewrite} \ssrN{r-prefix} $t_1$ \ssrC{|} $\dots$ \ssrC| rewrite} \ssrN{r-prefix} $t_n$\ssrC{].} - - \item An anonymous rewrite lemma - \ssrC{(_ :} {\term}), where \textit{term} has again the form: - $$\ssrC{forall}\ (x_1\ :\ A_1)\dots(x_n\ :\ A_n),\ eq\ term_1\ term_2$$ - The tactic: - - \centerline{\ssrC{rewrite (_ :} {\term}\ssrC{)}} - - is in fact synonym of: - - \centerline{\ssrC{cutrewrite (}{\term}\ssrC{).}} - - - \end{itemize} - -\end{itemize} - - - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Remarks and examples}\label{ssec:rwex} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Rewrite redex selection} -The general strategy of \ssr{} -is to grasp as many redexes as possible and to let the user select the -ones to be rewritten thanks to the improved syntax for the control of -rewriting. - -This may be a source of incompatibilities between the two \ssrC{rewrite} -tactics. - -In a rewrite tactic of the form: - - \ssrC{rewrite} \ssrN{occ-switch}\ssrC{[}\ssrN[1]{term}\ssrC{]}\ssrN[2]{term}. - -\ssrN[1]{term} is the explicit rewrite redex and -\ssrN[2]{term} is the -rewrite rule. This execution of this tactic unfolds as follows: - -\begin{itemize} -\item First \ssrN[1]{term} and \ssrN[2]{term} are $\beta\iota$ normalized. Then - \ssrN[2]{term} is put in head normal form if the Leibniz equality - constructor \ssrC{eq} is not the head symbol. This may involve $\zeta$ - reductions. -\item Then, the matching algorithm (see section \ref{ssec:set}) - determines the first subterm of the goal matching the rewrite pattern. - The rewrite pattern is - given by \ssrN[1]{term}, if an explicit redex pattern switch is provided, or by - the type of \ssrN[2]{term} otherwise. However, matching skips over - matches that would lead to trivial rewrites. All the - occurrences of this subterm in the goal are candidates for rewriting. -\item Then only the occurrences coded by \ssrN{occ-switch} (see again - section \ref{ssec:set}) are finally selected for rewriting. -\item The left hand side of $\ssrN[2]{term}$ is unified with the subterm found - by the matching algorithm, and if this succeeds, all the selected - occurrences in the goal are replaced by the right hand side of - $\ssrN[2]{term}$. -\item Finally the goal is $\beta\iota$ normalized. -\end{itemize} - -In the case $\ssrN[2]{term}$ is a list of terms, the first top-down (in -the goal) left-to-right (in the list) matching rule gets selected. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Chained rewrite steps} - - -The possibility to chain rewrite operations in a single tactic makes -scripts more compact and gathers in a single command line a bunch -of surgical -operations which would be described by a one sentence in a pen and -paper proof. - -Performing rewrite and simplification operations in a single tactic -enhances significantly the concision of scripts. For instance the -tactic: -\begin{lstlisting} - rewrite /my_def {2}[f _]/= my_eq //=. -\end{lstlisting} -unfolds \ssrC{my_def} in the goal, simplifies the second occurrence of the -first subterm matching pattern \ssrC{[f _]}, rewrites \ssrC{my_eq}, -simplifies the whole goal and closes trivial goals. - -Here are some concrete examples of chained rewrite operations, in the -proof of basic results on natural numbers arithmetic: - -\begin{lstlisting} - Lemma |*addnS*| : forall m n, m + n.+1 = (m + n).+1. - Proof. by move=> m n; elim: m. Qed. - - Lemma |*addSnnS*| : forall m n, m.+1 + n = m + n.+1. - Proof. move=> *; rewrite addnS; apply addSn. Qed. - - Lemma |*addnCA*| : forall m n p, m + (n + p) = n + (m + p). - Proof. by move=> m n; elim: m => [|m Hrec] p; rewrite ?addSnnS -?addnS. Qed. - - Lemma |*addnC*| : forall m n, m + n = n + m. - Proof. by move=> m n; rewrite -{1}[n]addn0 addnCA addn0. Qed. -\end{lstlisting} - -Note the use of the \ssrC{?} switch for parallel rewrite operations in -the proof of \ssrC{|*addnCA*|}. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Explicit redex switches are matched first} -If an \ssrN{r-prefix} involves a \emph{redex switch}, the first step is to -find a subterm matching this redex pattern, independently from the left hand -side \ssrC{t1} of the equality the user wants to rewrite. - -For instance, if \ssrL-H : forall t u, t + u = u + t- is in the context of a -goal \ssrL-x + y = y + x-, the tactic: -\begin{lstlisting} - rewrite [y + _]H. -\end{lstlisting} -transforms the goal into \ssrL-x + y = x + y-. - -Note that if this first pattern matching is not compatible with the -\emph{r-item}, the rewrite fails, even if the goal contains a correct -redex matching both the redex switch and the left hand side of the -equality. For instance, if \ssrL-H : forall t u, t + u * 0 = t- is -in the context of a goal \ssrL-x + y * 4 + 2 * 0 = x + 2 * 0-, then tactic: -\begin{lstlisting} - rewrite [x + _]H. -\end{lstlisting} -raises the error message: -\begin{verbatim} - User error: rewrite rule H doesn't match redex (x + y * 4) -\end{verbatim} -while the tactic: -\begin{lstlisting} - rewrite (H _ 2). -\end{lstlisting} -transforms the goal into \ssrL-x + y * 4 = x + 2 * 0-. - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Occurrence switches and redex switches} -The tactic: -\begin{lstlisting} - rewrite {2}[_ + y + 0](_: forall z, z + 0 = z). -\end{lstlisting} -transforms the goal: -\begin{lstlisting} - x + y + 0 = x + y + y + 0 + 0 + (x + y + 0) -\end{lstlisting} -into: -\begin{lstlisting} - x + y + 0 = x + y + y + 0 + 0 + (x + y) -\end{lstlisting} -and generates a second subgoal: -\begin{lstlisting} - forall z : nat, z + 0 = z -\end{lstlisting} -The second subgoal is generated by the use of an anonymous lemma in -the rewrite tactic. The effect of the tactic on the initial goal is to -rewrite this lemma at the second occurrence of the first matching -\ssrL-x + y + 0- of the explicit rewrite redex \ssrL-_ + y + 0-. - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Occurrence selection and repetition} -Occurrence selection has priority over repetition switches. This means -the repetition of a rewrite tactic specified by a multiplier -will perform matching each time an elementary rewrite operation is -performed. Repeated rewrite tactics apply to every subgoal generated -by the previous tactic, including the previous instances of the -repetition. For example: -\begin{lstlisting} - Goal forall x y z : nat, x + 1 = x + y + 1. - move=> x y z. -\end{lstlisting} -creates a goal \ssrC{ x + 1 = x + y + 1}, which is turned into \ssrC{z = z} -by the additional tactic: -\begin{lstlisting} - rewrite 2!(_ : _ + 1 = z). -\end{lstlisting} -In fact, this last tactic generates \emph{three} subgoals, -respectively -\ssrC{ x + y + 1 = z}, \ssrC{ z = z} and \ssrC{x + 1 = z}. Indeed, the second -rewrite operation specified with the \ssrC{2!} multiplier applies to -the two subgoals generated by the first rewrite. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Multi-rule rewriting} -The \ssrC{rewrite} tactic can be provided a \emph{tuple} of rewrite rules, -or more generally a tree of such rules, since this tuple can feature -arbitrary inner parentheses. We call \emph{multirule} such a -generalized rewrite rule. This feature is of special interest when it -is combined with multiplier switches, which makes the \ssrC{rewrite} -tactic iterates the rewrite operations prescribed by the rules on the -current goal. For instance, let us define two triples \ssrC{multi1} and -\ssrC{multi2} as: -\begin{lstlisting} - Variables (a b c : nat). - - Hypothesis eqab : a = b. - - Hypothesis eqac : a = c. -\end{lstlisting} - -Executing the tactic: -\begin{lstlisting} - rewrite (eqab, eqac) -\end{lstlisting} -on the goal: -\begin{lstlisting} - ========= - a = a -\end{lstlisting} -turns it into \ssrC{b = b}, as rule \ssrC{eqab} is the first to apply among -the ones gathered in the tuple passed to the \ssrC{rewrite} -tactic. This multirule \ssrC{(eqab, eqac)} is actually a \Coq{} term and we -can name it with a definition: -\begin{lstlisting} -Definition |*multi1*| := (eqab, eqac). -\end{lstlisting} -In this case, the tactic \ssrC{rewrite multi1} is a synonym for -\ssrC{(eqab, eqac)}. More precisely, a multirule rewrites -the first subterm to which one of the rules applies in a left-to-right -traversal of the goal, with the first rule from the multirule tree in -left-to-right order. Matching is performed according to the algorithm -described in Section~\ref{ssec:set}, but literal matches have -priority. For instance if we add a definition and a new multirule to -our context: - -\begin{lstlisting} - Definition |*d*| := a. - - Hypotheses eqd0 : d = 0. - - Definition |*multi2*| := (eqab, eqd0). -\end{lstlisting} -then executing the tactic: -\begin{lstlisting} - rewrite multi2. -\end{lstlisting} -on the goal: -\begin{lstlisting} - ========= - d = b -\end{lstlisting} -turns it into \ssrC{0 = b}, as rule \ssrC{eqd0} applies without unfolding -the definition of \ssrC{d}. For repeated rewrites the selection process -is repeated anew. For instance, if we define: - -\begin{lstlisting} - Hypothesis eq_adda_b : forall x, x + a = b. - - Hypothesis eq_adda_c : forall x, x + a = c. - - Hypothesis eqb0 : b = 0. - - Definition |*multi3*| := (eq_adda_b, eq_adda_c, eqb0). -\end{lstlisting} -then executing the tactic: -\begin{lstlisting} - rewrite 2!multi3. -\end{lstlisting} -on the goal: -\begin{lstlisting} - ========= - 1 + a = 12 + a -\end{lstlisting} -turns it into \ssrC{0 = 12 + a}: it uses \ssrC{eq_adda_b} then \ssrC{eqb0} on the -left-hand side only. Now executing the tactic \ssrC{rewrite !multi3} -turns the same goal into \ssrC{0 = 0}. - -The grouping of rules inside a multirule does not affect the selection -strategy but can make it easier to include one rule set in another or -to (universally) quantify over the parameters of a subset of rules (as -there is special code that will omit unnecessary quantifiers for rules that -can be syntactically extracted). It is also possible to -reverse the direction of a rule subset, using a special dedicated syntax: -the tactic \ssrC{rewrite (=~ multi1)} is equivalent to -\ssrC{rewrite multi1_rev} with: -\begin{lstlisting} - Hypothesis eqba : b = a. - - Hypothesis eqca : c = a. - - Definition |*multi1_rev*| := (eqba, eqca). -\end{lstlisting} -except that the constants \ssrC{eqba, eqab, mult1_rev} have not been created. - -Rewriting with multirules is useful to implement simplification or -transformation procedures, to be applied on terms of small to medium -size. For instance, the library \ssrL{ssrnat} --- available in the -external math-comp library --- provides two implementations for -arithmetic operations on natural numbers: an elementary one and a tail -recursive version, less inefficient but also less convenient for -reasoning purposes. The library also provides one lemma per such -operation, stating that both versions return the same values when -applied to the same arguments: - -\begin{lstlisting} - Lemma |*addE*| : add =2 addn. - Lemma |*doubleE*| : double =1 doublen. - Lemma |*add_mulE*| n m s : add_mul n m s = addn (muln n m) s. - Lemma |*mulE*| : mul =2 muln. - Lemma |*mul_expE*| m n p : mul_exp m n p = muln (expn m n) p. - Lemma |*expE*| : exp =2 expn. - Lemma |*oddE*| : odd =1 oddn. -\end{lstlisting} - -The operation on the left hand side of each lemma is the efficient -version, and the corresponding naive implementation is on the right -hand side. In order to reason conveniently on expressions involving -the efficient operations, we gather all these rules in the -definition \ssrC{|*trecE*|}: -\begin{lstlisting} - Definition |*trecE*| := (addE, (doubleE, oddE), (mulE, add_mulE, (expE, mul_expE))). -\end{lstlisting} -The tactic: -\begin{lstlisting} - rewrite !trecE. -\end{lstlisting} -restores the naive versions of each operation in a goal involving the -efficient ones, e.g. for the purpose of a correctness proof. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Wildcards vs abstractions} - The \ssrC{rewrite} tactic supports r-items containing holes. For example - in the tactic $(1)$: -\begin{lstlisting} - rewrite (_ : _ * 0 = 0). -\end{lstlisting} - the term \ssrC{_ * 0 = 0} is interpreted as \ssrC{forall n : nat, n * 0 = 0}. - Anyway this tactic is \emph{not} equivalent to the tactic $(2)$: -\begin{lstlisting} - rewrite (_ : forall x, x * 0 = 0). -\end{lstlisting} - The tactic $(1)$ transforms the goal - \ssrL-(y * 0) + y * (z * 0) = 0- into \ssrC{y * (z * 0) = 0} - and generates a new subgoal to prove the statement \ssrC{y * 0 = 0}, - which is the \emph{instance} of the\\ \ssrC{forall x, x * 0 = 0} - rewrite rule that - has been used to perform the rewriting. On the other hand, tactic - $(2)$ performs the same rewriting on the current goal but generates a - subgoal to prove \ssrC{forall x, x * 0 = 0}. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{When \ssr{} \ssrC{rewrite} fails on standard \Coq{} licit rewrite} -In a few cases, the \ssr{} \ssrC{rewrite} tactic fails -rewriting some redexes which standard \Coq{} successfully rewrites. -There are two main cases: - -\begin{itemize} -\item \ssr{} never accepts to rewrite indeterminate patterns like: -\begin{lstlisting} - Lemma |*foo*| : forall x : unit, x = tt. -\end{lstlisting} -\ssr{} will however accept the $\eta\zeta$ expansion of this rule: -\begin{lstlisting} - Lemma |*fubar*| : forall x : unit, (let u := x in u) = tt. -\end{lstlisting} -\item In standard \Coq{}, suppose that we work in the following context: -\begin{lstlisting} - Variable g : nat -> nat. - Definition |*f*| := g. -\end{lstlisting} -then rewriting \ssrC{H : forall x, f x = 0} in the goal -\ssrC{g 3 + g 3 = g 6} succeeds -and transforms the goal into \ssrC{0 + 0 = g 6}. - -This rewriting is not possible in \ssr{} because there is no -occurrence of the head symbol \ssrC{f} of the rewrite rule in the -goal. Rewriting with \ssrC{H} first requires unfolding the occurrences of -\ssrC{f} where the substitution is to be performed (here there is a single -such occurrence), using tactic \ssrC{rewrite /f} (for a global -replacement of \ssrC{f} by \ssrC{g}) or \ssrC{rewrite $\ \ssrN{pattern}$/f}, for a -finer selection. -\end{itemize} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Existential metavariables and rewriting} -\label{ssec:rewcaveats} -The \ssrC{rewrite} tactic will not instantiate existing existential -metavariables when matching a redex pattern. - -If a rewrite rule generates a goal -with new existential metavariables, these will be generalized as for \ssrC{apply} -(see page~\pageref{sssec:apply}) and corresponding new goals will be generated. -For example, consider the following script: - -\begin{lstlisting} - Lemma |*ex3*| (x : 'I_2) y (le_1 : y < 1) (E : val x = y) : Some x = insub y. - rewrite insubT ?(leq_trans le_1)// => le_2. -\end{lstlisting} - -Since \ssrC{insubT} has the following type: - -\begin{lstlisting} - forall T P (sT : subType P) (x : T) (Px : P x), insub x = Some (Sub x Px) -\end{lstlisting} - -and since the implicit argument corresponding to the \ssrC{Px} abstraction is not -supplied by the user, the resulting goal should be \ssrC{Some x = Some (Sub y -$\;\;?_{Px}$)}. Instead, \ssr{} \ssrC{rewrite} tactic generates the two following -goals: -\begin{lstlisting} - y < 2 - forall Hyp0 : y < 2, Some x = Some (Sub y Hyp0) -\end{lstlisting} -The script closes the former with \ssrC{?(leq_trans le_1)//}, then it introduces -the new generalization naming it \ssrC{le_2}. - -\begin{lstlisting} - x : 'I_2 - y : nat - le_1 : y < 1 - E : val x = y - le_2 : y < 2 - ============================ - Some x = Some (Sub y le_2) -\end{lstlisting} - -As a temporary limitation, this behavior is available only if the rewriting -rule is stated using Leibniz equality (as opposed to setoid relations). -It will be extended to other rewriting relations in the future. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Locking, unlocking} \label{ssec:lock} - -As program proofs tend to generate large goals, it is important to be -able to control the partial evaluation performed by the simplification -operations that are performed by the tactics. These evaluations can -for example come from a \ssrC{/=} simplification switch, or from rewrite steps -which may expand large terms while performing conversion. We definitely -want to avoid repeating large subterms of the goal in -the proof script. We do this by -``clamping down'' selected function symbols in the goal, which -prevents them from -being considered in simplification or rewriting steps. This clamping -is accomplished by using the occurrence switches (see section -\ref{sssec:occselect}) together with ``term tagging'' operations. - -\ssr{} provides two levels of tagging. - -The first one uses auxiliary definitions to introduce a provably equal -copy of any term \ssrC{t}. However this copy is (on purpose) -\emph{not convertible} to \ssrC{t} in the \Coq{} system\footnote{This is - an implementation feature: there is not such obstruction in the - metatheory}. The job is done by the following construction: - -\begin{lstlisting} - Lemma |*master_key*| : unit. Proof. exact tt. Qed. - Definition |*locked*| A := let: tt := master_key in fun x : A => x. - Lemma |*lock*| : forall A x, x = locked x :> A. -\end{lstlisting} -Note that the definition of \ssrC{|*master_key*|} is explicitly opaque. -The equation \ssrC{t = locked t} given by the \ssrC{lock} lemma can be used -for selective rewriting, blocking on the fly the reduction in the -term \ssrC{t}. -For example the script: -\begin{lstlisting} - Require Import List. - Variable A : Type. - - Fixpoint |*my_has*| (p : A -> bool)(l : list A){struct l} : bool:= - match l with - |nil => false - |cons x l => p x || (my_has p l) - end. - - Goal forall a x y l, a x = true -> my_has a ( x :: y :: l) = true. - move=> a x y l Hax. -\end{lstlisting} -where \ssrL{||} denotes the boolean disjunction, results in a goal -\ssrC{my_has a ( x :: y :: l) = true}. The tactic: -\begin{lstlisting} - rewrite {2}[cons]lock /= -lock. -\end{lstlisting} -turns it into \ssrC{a x || my_has a (y :: l) = true}. -Let us now start by reducing the initial goal without blocking reduction. -The script: -\begin{lstlisting} - Goal forall a x y l, a x = true -> my_has a ( x :: y :: l) = true. - move=> a x y l Hax /=. -\end{lstlisting} -creates a goal \ssrC{(a x) || (a y) || (my_has a l) = true}. Now the -tactic: -\begin{lstlisting} - rewrite {1}[orb]lock orbC -lock. -\end{lstlisting} -where \ssrC{orbC} states the commutativity of \ssrC{orb}, changes the -goal into\\ \ssrC{(a x) || (my_has a l) || (a y) = true}: only the -arguments of the second disjunction where permuted. - - -It is sometimes desirable to globally prevent a definition from being -expanded by simplification; this is done by adding \ssrC{locked} in the -definition. - -For instance, the function \ssrC{|*fgraph_of_fun*|} maps a function whose -domain and codomain are finite types to a concrete representation of -its (finite) graph. Whatever implementation of this transformation we -may use, we want it to be hidden to simplifications and tactics, to -avoid the collapse of the graph object: -\begin{lstlisting} - Definition |*fgraph_of_fun*| := - locked - (fun (d1 :finType) (d2 :eqType) (f : d1 -> d2) => Fgraph (size_maps f _)). -\end{lstlisting} - -We provide a special tactic \ssrC{unlock} for unfolding such definitions -while removing ``locks'', e.g., the tactic: - - \ssrC{unlock} \ssrN{occ-switch}\ssrC{fgraph_of_fun}. - -replaces the occurrence(s) of \ssrC{fgraph_of_fun} coded by the \ssrN{occ-switch} -with \ssrC{(Fgraph (size_maps _ _))} in the goal. - -We found that it was usually preferable to prevent the expansion of -some functions by the partial evaluation switch ``/='', unless -this allowed the evaluation of a condition. This is possible thanks to -an other mechanism of term tagging, resting on the following -\emph{Notation}: -\begin{lstlisting} - Notation "'nosimpl' t" := (let: tt := tt in t). -\end{lstlisting} - -The term \ssrC{(nosimpl t)} simplifies to t \emph{except} in a -definition. More precisely, -given: -\begin{lstlisting} - Definition |*foo*| := (nosimpl bar). -\end{lstlisting} -the term \ssrC{foo (or (foo t'))} will \emph{not} be expanded by the -\emph{simpl} tactic unless it is in a forcing context (e.g., in -\ssrC{match foo t' with $\dots$ end}, \ssrC{foo t'} will be reduced if this allows -\ssrC{match} to be reduced). Note that \ssrC{nosimpl bar} is simply notation -for a term that reduces to \ssrC{bar}; hence \ssrC{unfold foo} will replace - \ssrC{foo} by \ssrC{bar}, and \ssrC{fold foo} will replace \ssrC{bar} by - \ssrC{foo}. - -\emph{Warning} The \ssrC{nosimpl} trick only works if no reduction is -apparent in \ssrC{t}; in particular, the declaration: -\begin{lstlisting} - Definition |*foo*| x := nosimpl (bar x). -\end{lstlisting} -will usually not work. Anyway, the common practice is to tag only the -function, and to use the following definition, which blocks the -reduction as expected: -\begin{lstlisting} - Definition |*foo*| x := nosimpl bar x. -\end{lstlisting} - - -A standard example making this technique shine is the case of -arithmetic operations. We define for instance: -\begin{lstlisting} - Definition |*addn*| := nosimpl plus. -\end{lstlisting} -The operation \ssrC{addn} behaves exactly like plus, except that -\ssrC{(addn (S n) m)} will not -simplify spontaneously to \ssrC{(S (addn n m))} (the two terms, however, are -inter-convertible). In addition, the unfolding step: -\begin{lstlisting} -rewrite /addn -\end{lstlisting} -will replace \ssrC{addn} directly with \ssrC{plus}, so the \ssrC{nosimpl} form -is essentially invisible. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Congruence}\label{ssec:congr} - -Because of the way matching interferes with type families parameters, -the tactic: -\begin{lstlisting} - apply: my_congr_property. -\end{lstlisting} -will generally fail to perform congruence simplification, even on -rather simple cases. We therefore provide a -more robust alternative in which the function is supplied: -$$\ssrC{congr}\ [\ssrN{int}]\ {\term}$$ - -This tactic: -\begin{itemize} -\item checks that the goal is a Leibniz equality -\item matches both sides of this equality with ``{\term} applied to - some arguments'', inferring the right number of arguments from the goal - and the type of {\term}. This may - expand some definitions or fixpoints. -\item generates the subgoals corresponding to pairwise equalities of - the arguments present in the goal. -\end{itemize} - -The goal can be a non dependent product \ssrC{P -> Q}. -In that case, the system asserts the equation \ssrC{P = Q}, uses it to solve -the goal, and calls the \ssrC{congr} tactic on the remaining goal -\ssrC{P = Q}. This can be useful for instance to perform a transitivity -step, like in the following situation: -\begin{lstlisting} - x, y, z : nat - =============== - x = y -> x = z -\end{lstlisting} -the tactic \ssrC{congr (_ = _)} turns this goal into: - -\begin{lstlisting} - x, y, z : nat - =============== - y = z -\end{lstlisting} -which can also be obtained starting from: -\begin{lstlisting} - x, y, z : nat - h : x = y - =============== - x = z -\end{lstlisting} -and using the tactic \ssrC{congr (_ = _): h}. - -The optional \ssrN{int} forces the number of arguments for which the -tactic should generate equality proof obligations. - -This tactic supports equalities between applications with dependent -arguments. Yet dependent arguments should have exactly the same -parameters on both sides, and these parameters should appear as first -arguments. - -The following script: -\begin{lstlisting} - Definition f n := match n with 0 => plus | S _ => mult end. - Definition g (n m : nat) := plus. - - Goal forall x y, f 0 x y = g 1 1 x y. - by move=> x y; congr plus. - Qed. -\end{lstlisting} -shows that the \ssrC{congr} tactic matches \ssrC{plus} with \ssrC{f 0} on the -left hand side and \ssrC{g 1 1} on the right hand side, and solves the goal. - -The script: -\begin{lstlisting} - Goal forall n m, m <= n -> S m + (S n - S m) = S n. - move=> n m Hnm; congr S; rewrite -/plus. -\end{lstlisting} -generates the subgoal \ssrC{m + (S n - S m) = n}. The tactic -\ssrC{rewrite -/plus} folds back the expansion of \ssrC{plus} which was -necessary for matching both sides of the equality with an application -of \ssrC{S}. - -Like most \ssr{} arguments, {\term} can contain wildcards. -The script: -\begin{lstlisting} - Goal forall x y, x + (y * (y + x - x)) = x * 1 + (y + 0) * y. - move=> x y; congr ( _ + (_ * _)). -\end{lstlisting} -generates three subgoals, respectively \ssrC{x = x * 1}, \ssrC{y = y + 0} -and \ssrC{ y + x - x = y}. -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\section{Contextual patterns} -\label{ssec:rewp} - -The simple form of patterns used so far, ${\term}s$ possibly containing -wild cards, often require an additional \ssrN{occ-switch} to be specified. -While this may work pretty fine for small goals, the use of polymorphic -functions and dependent types may lead to an invisible duplication of functions -arguments. These copies usually end up in types hidden by the implicit -arguments machinery or by user defined notations. In these situations -computing the right occurrence numbers is very tedious because they must be -counted on the goal as printed after setting the \ssrC{Printing All} flag. -Moreover the resulting script is not really informative for the reader, since -it refers to occurrence numbers he cannot easily see. - -Contextual patterns mitigate these issues allowing to specify occurrences -according to the context they occur in. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Syntax} - -The following table summarizes the full syntax of -\ssrN{c-pattern} and the corresponding subterm(s) identified -by the pattern. -In the third column we use s.m.r. for -``the subterms matching the redex'' specified in the second column. - -\begin{center} -%\begin{tabularx}{\textwidth}{>{\arraybackslash}m{0.30\textwidth}|>{\arraybackslash}m{0.21\textwidth}|>{\arraybackslash}m{0.39\textwidth}} -\begin{tabular}{llp{10em}} -\ssrN{c-pattern} & redex & subterms affected \\ -\hline -{\term} & {\term} & all occurrences of {\term}\\ -\hline -$\ssrN{ident}\ \ssrC{in}\ {\term}$ & - subterm of {\term} selected by \ssrN{ident} & - all the subterms identified by \ssrN{ident} in all - the occurrences of {\term} \\ -\hline -$\ssrN[1]{term}\ \ssrC{in}\ \ssrN{ident}\ \ssrC{in}\ \ssrN[2]{term}$ & $\ssrN[1]{term}$ & - in all s.m.r. in all the subterms identified by \ssrN{ident} in all - the occurrences of $\ssrN[2]{term}$ \\ -\hline -$\ssrN[1]{term}\ \ssrC{as}\ \ssrN{ident}\ \ssrC{in}\ \ssrN[2]{term}$ & $\ssrN[1]{term}$ & - in all the subterms identified by \ssrN{ident} in all - the occurrences of $\ssrN[2]{term}[\ssrN[1]{term}/\ssrN{ident}]$\\ -\hline -%\end{tabularx} -\end{tabular} -\end{center} - -The \ssrC{rewrite} tactic supports two more patterns obtained -prefixing the first two with \ssrC{in}. The intended meaning is that the -pattern identifies all subterms of the specified context. The -\ssrC{rewrite} tactic will infer a pattern for the redex looking at the -rule used for rewriting. - -\begin{center} -\begin{tabularx}{\textwidth}{>{\arraybackslash}m{0.30\textwidth}|>{\arraybackslash}m{0.21\textwidth}|>{\arraybackslash}m{0.39\textwidth}} -\ssrN{r-pattern} & redex & subterms affected \\ -\hline -$\ssrC{in}\ {\term}$ & inferred from rule & - in all s.m.r. in all occurrences of {\term}\\ -\hline -$\ssrC{in}\ \ssrN{ident}\ \ssrC{in}\ {\term}$ & inferred from rule & - in all s.m.r. in all the subterms identified by \ssrN{ident} in all - the occurrences of {\term} \\ -\hline -\end{tabularx} -\end{center} - -The first \ssrN{c-pattern} is the simplest form matching any -context but selecting a specific redex and has been described in the -previous sections. We have seen so far that the possibility of -selecting a redex using a term with holes is already a powerful mean of redex -selection. Similarly, any {\term}s provided by the -user in the more complex forms of \ssrN{c-pattern}s presented in the -tables above can contain holes. - -For a quick glance at what can be expressed with the last -\ssrN{r-pattern} consider the goal \ssrC{a = b} and the tactic -\begin{lstlisting} - rewrite [in X in _ = X]rule. -\end{lstlisting} -It rewrites all occurrences of the left hand side of \ssrC{rule} inside -\ssrC{b} only (\ssrC{a}, and the hidden type of the equality, are ignored). -Note that the variant \ssrC{rewrite [X in _ = X]rule} would have -rewritten \ssrC{b} exactly (i.e., it would only work if \ssrC{b} and the -left hand side of \ssrC{rule} can be unified). - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Matching contextual patterns} - -The \ssrN{c-pattern}s and \ssrN{r-pattern}s involving -{\term}s with holes are matched -against the goal in order to find a closed instantiation. This -matching proceeds as follows: - -\begin{center} -\begin{tabularx}{\textwidth}{>{\arraybackslash}m{0.30\textwidth}|>{\arraybackslash}m{0.65\textwidth}} -\ssrN{c-pattern} & instantiation order and place for $\ssrN[i]{term}$ and redex\\ -\hline -{\term} & {\term} is matched against the goal, redex is unified with - the instantiation of {\term}\\ -\hline -$\ssrN{ident}\ \ssrC{in}\ {\term}$ & - {\term} is matched against the goal, redex is - unified with the subterm of the - instantiation of {\term} identified by \ssrN{ident}\\ -\hline -$\ssrN[1]{term}\ \ssrC{in}\ \ssrN{ident}\ \ssrC{in}\ \ssrN[2]{term}$ & - $\ssrN[2]{term}$ is matched against the goal, $\ssrN[1]{term}$ is - matched against the subterm of the - instantiation of $\ssrN[1]{term}$ identified by \ssrN{ident}, - redex is unified with the instantiation of $\ssrN[1]{term}$\\ -\hline -$\ssrN[1]{term}\ \ssrC{as}\ \ssrN{ident}\ \ssrC{in}\ \ssrN[2]{term}$ & - $\ssrN[2]{term}[\ssrN[1]{term}/\ssrN{ident}]$ - is matched against the goal, - redex is unified with the instantiation of $\ssrN[1]{term}$\\ -\hline -\end{tabularx} -\end{center} - -In the following patterns, the redex is intended to be inferred from the -rewrite rule. - -\begin{center} -\begin{tabularx}{\textwidth}{>{\arraybackslash}m{0.30\textwidth}|>{\arraybackslash}m{0.65\textwidth}} -\ssrN{r-pattern} & instantiation order and place for $\ssrN[i]{term}$ and redex\\ -\hline -$\ssrC{in}\ \ssrN{ident}\ \ssrC{in}\ {\term}$ & - {\term} is matched against the goal, the redex is - matched against the subterm of the - instantiation of {\term} identified by \ssrN{ident}\\ -\hline -$\ssrC{in}\ {\term}$ & {\term} is matched against the goal, redex is - matched against the instantiation of {\term}\\ -\hline -\end{tabularx} -\end{center} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Examples} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection{Contextual pattern in \ssrC{set} and the \ssrC{:} tactical} - -As already mentioned in section~\ref{ssec:set} the \ssrC{set} tactic -takes as an argument a term in open syntax. This term is interpreted -as the simplest for of \ssrN{c-pattern}. To void confusion in the grammar, -open syntax is supported only for the simplest form of patterns, while - parentheses are required around more complex patterns. - -\begin{lstlisting} -set t := (X in _ = X). -set t := (a + _ in X in _ = X). -\end{lstlisting} - -Given the goal \ssrC{a + b + 1 = b + (a + 1)} the first tactic -captures \ssrC{b + (a + 1)}, while the latter \ssrC{a + 1}. - -Since the user may define an infix notation for \ssrC{in} the former -tactic may result ambiguous. The disambiguation rule implemented is -to prefer patterns over simple terms, but to interpret a pattern with -double parentheses as a simple term. For example -the following tactic would capture any occurrence of the term `\ssrC{a in A}'. - -\begin{lstlisting} -set t := ((a in A)). -\end{lstlisting} - -Contextual pattern can also be used as arguments of the \ssrC{:} tactical. -For example: -\begin{lstlisting} -elim: n (n in _ = n) (refl_equal n). -\end{lstlisting} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection{Contextual patterns in \ssrC{rewrite}} -As a more comprehensive example consider the following goal: -\begin{lstlisting} - (x.+1 + y) + f (x.+1 + y) (z + (x + y).+1) = 0 -\end{lstlisting} -The tactic \ssrC{rewrite [in f _ _]addSn} turns it into: -\begin{lstlisting} - (x.+1 + y) + f (x + y).+1 (z + (x + y).+1) = 0 -\end{lstlisting} -since the simplification rule \ssrC{addSn} is applied only under the \ssrC{f} symbol. -Then we simplify also the first addition and expand \ssrC{0} into \ssrC{0+0}. -\begin{lstlisting} - rewrite addSn -[X in _ = X]addn0. -\end{lstlisting} -obtaining: -\begin{lstlisting} - (x + y).+1 + f (x + y).+1 (z + (x + y).+1) = 0 + 0 -\end{lstlisting} -Note that the right hand side of \ssrC{addn0} is undetermined, but the -rewrite pattern specifies the redex explicitly. The right hand side of -\ssrC{addn0} is unified with the term identified by \ssrC{X}, \ssrC{0} here. - -The following pattern does not specify a redex, since it -identifies an entire region, hence the rewrite rule has to be instantiated -explicitly. Thus the tactic: -\begin{lstlisting} - rewrite -{2}[in X in _ = X](addn0 0). -\end{lstlisting} -changes the goal as follows: -\begin{lstlisting} - (x + y).+1 + f (x + y).+1 (z + (x + y).+1) = 0 + (0 + 0) -\end{lstlisting} -The following tactic is quite tricky: -\begin{lstlisting} - rewrite [_.+1 in X in f _ X](addnC x.+1). -\end{lstlisting} -and the resulting goals is: -\begin{lstlisting} - (x + y).+1 + f (x + y).+1 (z + (y + x.+1)) = 0 + (0 + 0) -\end{lstlisting} -The explicit redex \ssrC{_.+1} is important since its head -constant \ssrC{S} differs from the head constant inferred from -\ssrC{(addnC x.+1)} (that is \ssrC{addn}, denoted \ssrC{+} here). -Moreover, the pattern \ssrC{f _ X} is important to rule out the first occurrence -of \ssrC{(x + y).+1}. Last, only the subterms of \ssrC{f _ X} identified by \ssrC{X} are -rewritten, thus the first argument of \ssrC{f} is skipped too. -Also note the pattern \ssrC{_.+1} is interpreted in the context -identified by \ssrC{X}, thus it gets instantiated to \ssrC{(y + x).+1} and -not \ssrC{(x + y).+1}. - -The last rewrite pattern allows to specify exactly the shape of the term -identified by \ssrC{X}, that is thus unified with the left hand side of the -rewrite rule. -\begin{lstlisting} - rewrite [x.+1 + y as X in f X _]addnC. -\end{lstlisting} -The resulting goal is: -\begin{lstlisting} - (x + y).+1 + f (y + x.+1) (z + (y + x.+1)) = 0 + (0 + 0) -\end{lstlisting} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Patterns for recurrent contexts} - -The user can define shortcuts for recurrent contexts corresponding to the -\ssrN{ident} \ssrC{in} {\term} part. The notation scope identified -with \ssrC{\%pattern} provides a special notation `\ssrC{(X in t)}' the user -must adopt to define context shortcuts. - -The following example is taken from \ssrC{ssreflect.v} where the -\ssrC{LHS} and \ssrC{RHS} shortcuts are defined. - -\begin{lstlisting} -Notation RHS := (X in _ = X)%pattern. -Notation LHS := (X in X = _)%pattern. -\end{lstlisting} - -Shortcuts defined this way can be freely used in place of the -trailing \ssrN{ident} \ssrC{in} {\term} part of any contextual -pattern. -Some examples follow: - -\begin{lstlisting} -set rhs := RHS. -rewrite [in RHS]rule. -case: (a + _ in RHS). -\end{lstlisting} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\section{Views and reflection}\label{sec:views} - -The bookkeeping facilities presented in section \ref{sec:book} are -crafted to ease simultaneous introductions and generalizations of facts and -casing, -naming $\dots$ operations. It also a common practice to make a stack -operation immediately followed by an \emph{interpretation} of the fact -being pushed, -that is, to apply a lemma to this fact before passing it -to a tactic for decomposition, application and so on. - - -% possibly - -% Small scale reflection consists in using a two levels -% approach locally when developing formal proofs. This means that a -% fact, which may be an assumption, or the goal itself, will often be -% \emph{interpreted} before being passed to a tactic -% for decomposition, application and so on. - -\ssr{} provides a convenient, unified syntax to combine these -interpretation operations with the proof stack operations. This -\emph{view mechanism} relies on the combination of the \ssrC{/} view -switch with bookkeeping tactics and tacticals. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Interpreting eliminations} -\idx{elim/\dots{}} - -The view syntax combined with the \ssrC{elim} tactic specifies an -elimination scheme to -be used instead of the default, generated, one. Hence the \ssr{} tactic: -\begin{lstlisting} - elim/V. -\end{lstlisting} -is a synonym for: -\begin{lstlisting} - intro top; elim top using V; clear top. -\end{lstlisting} -where \ssrC{top} is a fresh name and \ssrC{V} any second-order lemma. - -Since an elimination view supports the two bookkeeping tacticals of -discharge and introduction (see section \ref{sec:book}), the \ssr{} tactic: -\begin{lstlisting} - elim/V: x => y. -\end{lstlisting} -is a synonym for: -\begin{lstlisting} - elim x using V; clear x; intro y. -\end{lstlisting} -where \ssrC{x} is a variable in the context, \ssrC{y} a fresh name and \ssrC{V} -any second order lemma; \ssr{} relaxes the syntactic restrictions of -the \Coq{} \ssrC{elim}. The first pattern following \ssrC{:} can be a \ssrC{_} -wildcard if the conclusion of the view \ssrC{V} specifies a pattern for -its last argument (e.g., if \ssrC{V} is a functional induction lemma -generated by the \ssrC{Function} command). - -The elimination view mechanism is compatible with the equation name -generation (see section \ref{ssec:equations}). - -The following script illustrate a toy example of this feature. Let us -define a function adding an element at the end of a list: -\begin{lstlisting} - Require Import List. - - Variable d : Type. - - Fixpoint |*add_last*|(s : list d) (z : d) {struct s} : list d := - match s with - | nil => z :: nil - | cons x s' => cons x (add_last s' z) - end. -\end{lstlisting} - -One can define an alternative, reversed, induction principle on inductively -defined \ssrC{list}s, by proving the following lemma: - -\begin{lstlisting} - Lemma |*last_ind_list*| : forall (P : list d -> Type), - P nil -> - (forall (s : list d) (x : d), P s -> P (add_last s x)) -> forall s : list d, P s. -\end{lstlisting} - -Then the combination of elimination views with equation names result -in a concise syntax for reasoning inductively using the user -defined elimination scheme. The script: -\begin{lstlisting} - Goal forall (x : d)(l : list d), l = l. - move=> x l. - elim/last_ind_list E : l=> [| u v]; last first. -\end{lstlisting} -generates two subgoals: the first one to prove \ssrC{nil = nil} in a -context featuring \ssrC{E : l = nil} and the second to prove -\ssrC{add_last u v = add_last u v}, in a context containing -\ssrC{E : l = add_last u v}. - -User provided eliminators (potentially generated with the -\ssrC{Function} \Coq{}'s command) can be combined with the type family switches -described in section~\ref{ssec:typefam}. Consider an eliminator -\ssrC{foo_ind} of type: - - \ssrC{foo_ind : forall $\dots$, forall x : T, P p$_1$ $\dots$ p$_m$} - -and consider the tactic - - \ssrC{elim/foo_ind: e$_1$ $\dots$ / e$_n$} - -The \ssrC{elim/} tactic distinguishes two cases: -\begin{description} -\item[truncated eliminator] when \ssrC{x} does not occur in \ssrC{P p$_1 \dots$ p$_m$} - and the type of \ssrC{e$_n$} unifies with \ssrC{T} and \ssrC{e$_n$} is not \ssrC{_}. - In that case, \ssrC{e$_n$} is passed to the eliminator as the last argument - (\ssrC{x} in \ssrC{foo_ind}) and \ssrC{e$_{n-1} \dots$ e$_1$} are used as patterns - to select in the goal the occurrences that will be bound by the - predicate \ssrC{P}, thus it must be possible to unify the sub-term of - the goal matched by \ssrC{e$_{n-1}$} with \ssrC{p$_m$}, the one matched by - \ssrC{e$_{n-2}$} with \ssrC{p$_{m-1}$} and so on. -\item[regular eliminator] in all the other cases. Here it must be - possible to unify the term matched by - \ssrC{e$_n$} with \ssrC{p$_m$}, the one matched by - \ssrC{e$_{n-1}$} with \ssrC{p$_{m-1}$} and so on. Note that - standard eliminators have the shape \ssrC{$\dots$forall x, P $\dots$ x}, thus - \ssrC{e$_n$} is the pattern identifying the eliminated term, as expected. -\end{description} -As explained in section~\ref{ssec:typefam}, the initial prefix of -\ssrC{e$_i$} can be omitted. - -Here an example of a regular, but non trivial, eliminator: -\begin{lstlisting} - Function |*plus*| (m n : nat) {struct n} : nat := - match n with 0 => m | S p => S (plus m p) end. -\end{lstlisting} -The type of \ssrC{plus_ind} is -\begin{lstlisting} -plus_ind : forall (m : nat) (P : nat -> nat -> Prop), - (forall n : nat, n = 0 -> P 0 m) -> - (forall n p : nat, n = p.+1 -> P p (plus m p) -> P p.+1 (plus m p).+1) -> - forall n : nat, P n (plus m n) -\end{lstlisting} -Consider the following goal -\begin{lstlisting} - Lemma |*exF*| x y z: plus (plus x y) z = plus x (plus y z). -\end{lstlisting} -The following tactics are all valid and perform the same elimination -on that goal. -\begin{lstlisting} - elim/plus_ind: z / (plus _ z). - elim/plus_ind: {z}(plus _ z). - elim/plus_ind: {z}_. - elim/plus_ind: z / _. -\end{lstlisting} -In the two latter examples, being the user provided pattern a wildcard, the -pattern inferred from the type of the eliminator is used instead. For both -cases it is \ssrC{(plus _ _)} and matches the subterm \ssrC{plus (plus x y)$\;$z} thus -instantiating the latter \ssrC{_} with \ssrC{z}. Note that the tactic -\ssrC{elim/plus_ind: y / _} would have resulted in an error, since \ssrC{y} and \ssrC{z} -do no unify but the type of the eliminator requires the second argument of -\ssrC{P} to be the same as the second argument of \ssrC{plus} in the second -argument of \ssrC{P}. - -Here an example of a truncated eliminator. Consider the goal -\begin{lstlisting} - p : nat_eqType - n : nat - n_gt0 : 0 < n - pr_p : prime p - ================= - p %| \prod_(i <- prime_decomp n | i \in prime_decomp n) i.1 ^ i.2 -> - exists2 x : nat * nat, x \in prime_decomp n & p = x.1 -\end{lstlisting} -and the tactic -\begin{lstlisting} -elim/big_prop: _ => [| u v IHu IHv | [q e] /=]. -\end{lstlisting} -where the type of the eliminator is -\begin{lstlisting} -big_prop: forall (R : Type) (Pb : R -> Type) (idx : R) (op1 : R -> R -> R), - Pb idx -> - (forall x y : R, Pb x -> Pb y -> Pb (op1 x y)) -> - forall (I : Type) (r : seq I) (P : pred I) (F : I -> R), - (forall i : I, P i -> Pb (F i)) -> - Pb (\big[op1/idx]_(i <- r | P i) F i) -\end{lstlisting} -Since the pattern for the argument of \ssrC{Pb} is not specified, the inferred one -is used instead: \ssrC{(\\big[_/_]_(i <- _ | _ i) _ i)}, and after the -introductions, the following goals are generated. -\begin{lstlisting} -subgoal 1 is: - p %| 1 -> exists2 x : nat * nat, x \in prime_decomp n & p = x.1 -subgoal 2 is: - p %| u * v -> exists2 x : nat * nat, x \in prime_decomp n & p = x.1 -subgoal 3 is: - (q, e) \in prime_decomp n -> p %| q ^ e -> - exists2 x : nat * nat, x \in prime_decomp n & p = x.1 -\end{lstlisting} -Note that the pattern matching algorithm instantiated all the variables -occurring in the pattern. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Interpreting assumptions}\label{ssec:assumpinterp} -\idx{move/\dots{}} - -Interpreting an assumption in the context of a proof is applying it a -correspondence lemma before generalizing, and/or decomposing it. -For instance, with the extensive use of boolean reflection (see -section \ref{ssec:boolrefl}), it is -quite frequent to need to decompose the logical interpretation of (the -boolean expression of) a -fact, rather than the fact itself. -This can be achieved by a combination of \ssrC{move : _ => _} -switches, like in the following script, where \ssrC{||} is a notation for -the boolean disjunction: -\begin{lstlisting} - Variables P Q : bool -> Prop. - Hypothesis |*P2Q*| : forall a b, P (a || b) -> Q a. - - Goal forall a, P (a || a) -> True. - move=> a HPa; move: {HPa}(P2Q _ _ HPa) => HQa. -\end{lstlisting} -which transforms the hypothesis \ssrC{HPn : P n} which has been -introduced from the initial statement into \ssrC{HQn : Q n}. -This operation is so common that the tactic shell has -specific syntax for it. -The following scripts: -\begin{lstlisting} - Goal forall a, P (a || a) -> True. - move=> a HPa; move/P2Q: HPa => HQa. -\end{lstlisting} -or more directly: -\begin{lstlisting} - Goal forall a, P (a || a) -> True. - move=> a; move/P2Q=> HQa. -\end{lstlisting} -are equivalent to the former one. The former script shows how to -interpret a fact (already in the context), thanks to the discharge -tactical (see section \ref{ssec:discharge}) and the latter, how to -interpret the top assumption of a goal. Note -that the number of wildcards to be inserted to find the correct -application of the view lemma to the hypothesis has been automatically -inferred. - -The view mechanism is compatible with the \ssrC{case} tactic and with the -equation name generation mechanism (see section \ref{ssec:equations}): -\begin{lstlisting} - Variables P Q: bool -> Prop. - Hypothesis |*Q2P*| : forall a b, Q (a || b) -> P a \/ P b. - - Goal forall a b, Q (a || b) -> True. - move=> a b; case/Q2P=> [HPa | HPb]. -\end{lstlisting} -creates two new subgoals whose contexts no more contain -\ssrC{HQ : Q (a || b)} but respectively \ssrC{HPa : P a} and -\ssrC{HPb : P b}. This view tactic -performs: -\begin{lstlisting} - move=> a b HQ; case: {HQ}(Q2P _ _ HQ) => [HPa | HPb]. -\end{lstlisting} - -The term on the right of the \ssrC{/} view switch is called a \emph{view - lemma}. Any \ssr{} term coercing to a product type can be used as a -view lemma. - - -The examples we have given so far explicitly provide the direction of the -translation to be performed. In fact, view lemmas need not to be -oriented. The view mechanism is able to detect which -application is relevant for the current goal. For instance, the -script: -\begin{lstlisting} - Variables P Q: bool -> Prop. - Hypothesis |*PQequiv*| : forall a b, P (a || b) <-> Q a. - - Goal forall a b, P (a || b) -> True. - move=> a b; move/PQequiv=> HQab. -\end{lstlisting} -has the same behavior as the first example above. - -The view mechanism can insert automatically a \emph{view hint} to -transform the double implication into the expected simple implication. -The last script is in fact equivalent to: -\begin{lstlisting} - Goal forall a b, P (a || b) -> True. - move=> a b; move/(iffLR (PQequiv _ _)). -\end{lstlisting} -where: -\begin{lstlisting} - Lemma |*iffLR*| : forall P Q, (P <-> Q) -> P -> Q. -\end{lstlisting} - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Specializing assumptions} -\idx{move/\dots{}} - -The special case when the \emph{head symbol} of the view lemma is a -wildcard is used to interpret an assumption by \emph{specializing} -it. The view mechanism hence offers the possibility to -apply a higher-order assumption to some given arguments. - -For example, the script: -\begin{lstlisting} - Goal forall z, (forall x y, x + y = z -> z = x) -> z = 0. - move=> z; move/(_ 0 z). -\end{lstlisting} -changes the goal into: -\begin{lstlisting} - (0 + z = z -> z = 0) -> z = 0 -\end{lstlisting} - - - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Interpreting goals}\label{ssec:goalinterp} - -In a similar way, it is also often convenient to interpret a goal by changing -it into an equivalent proposition. The view mechanism of \ssr{} has a -special syntax \ssrC{apply/} for combining simultaneous goal -interpretation operations and -bookkeeping steps in a single tactic. - -With the hypotheses of section \ref{ssec:assumpinterp}, the following -script, where \ssrL+~~+ denotes the boolean negation: -\begin{lstlisting} - Goal forall a, P ((~~ a) || a). - move=> a; apply/PQequiv. -\end{lstlisting} -transforms the goal into \ssrC{Q (~~ a)}, and is equivalent to: -\begin{lstlisting} - Goal forall a, P ((~~ a) || a). - move=> a; apply: (iffRL (PQequiv _ _)). -\end{lstlisting} -where \ssrC{iffLR} is the analogous of \ssrC{iffRL} for the converse -implication. - -Any \ssr{} term whose type coerces to a double implication can be used -as a view for goal interpretation. - -Note that the goal interpretation view mechanism supports both -\ssrC{apply} and \ssrC{exact} tactics. As expected, a goal interpretation -view command \ssrC{exact/$term$} should solve the current goal or it will -fail. - - -\emph{Warning} Goal interpretation view tactics are \emph{not} compatible -with the bookkeeping tactical \ssrC{=>} since this would be redundant with -the \ssrC{apply:} {\term} \ssrC{=> _} construction. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Boolean reflection}\label{ssec:boolrefl} -In the Calculus of Inductive Construction, there is -an obvious distinction between logical propositions and boolean values. -On the one hand, logical propositions are objects -of \emph{sort} \ssrC{Prop} which is the carrier of intuitionistic -reasoning. Logical connectives in \ssrC{Prop} are \emph{types}, which give precise -information on the structure of their proofs; this information is -automatically exploited by \Coq{} tactics. For example, \Coq{} knows that a -proof of \ssrL+A \/ B+ is either a proof of \ssrC{A} or a proof of \ssrC{B}. -The tactics \ssrC{left} and \ssrC{right} change the goal \ssrL+A \/ B+ -to \ssrC{A} and \ssrC{B}, respectively; dualy, the tactic \ssrC{case} reduces the goal -\ssrL+A \/ B => G+ to two subgoals \ssrC{A => G} and \ssrC{B => G}. - -On the other hand, \ssrC{bool} is an inductive \emph{datatype} -with two constructors \ssrC{true} and \ssrC{false}. -Logical connectives on \ssrC{bool} are \emph{computable functions}, defined by -their truth tables, using case analysis: -\begin{lstlisting} - Definition (b1 || b2) := if b1 then true else b2. -\end{lstlisting} -Properties of such connectives are also established using case -analysis: the tactic \ssrC{by case: b} solves the goal -\begin{lstlisting} - b || ~~ b = true -\end{lstlisting} -by replacing \ssrC{b} first by \ssrC{true} and then by \ssrC{false}; in either case, -the resulting subgoal reduces by computation to the trivial -\ssrC{true = true}. - -Thus, \ssrC{Prop} and \ssrC{bool} are truly complementary: the former -supports robust natural deduction, the latter allows brute-force -evaluation. -\ssr{} supplies -a generic mechanism to have the best of the two worlds and move freely -from a propositional version of a -decidable predicate to its boolean version. - -First, booleans are injected into propositions -using the coercion mechanism: -\begin{lstlisting} - Coercion |*is_true*| (b : bool) := b = true. -\end{lstlisting} -This allows any boolean formula~\ssrC{b} to be used in a context -where \Coq{} would expect a proposition, e.g., after \ssrC{Lemma $\dots$ : }. -It is then interpreted as \ssrC{(is_true b)}, i.e., -the proposition \ssrC{b = true}. Coercions are elided by the pretty-printer, -so they are essentially transparent to the user. - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{The \ssrC{reflect} predicate}\label{ssec:reflpred} - -To get all the benefits of the boolean reflection, it is in fact -convenient to introduce the following inductive predicate -\ssrC{reflect} to relate propositions and booleans: - -\begin{lstlisting} - Inductive |*reflect*| (P: Prop): bool -> Type := - | Reflect_true: P => reflect P true - | Reflect_false: ~P => reflect P false. -\end{lstlisting} - -The statement \ssrC{(reflect P b)} asserts that \ssrC{(is_true b)} -and \ssrC{P} are logically equivalent propositions. - -For instance, the following lemma: -\begin{lstlisting} - Lemma |*andP*|: forall b1 b2, reflect (b1 /\ b2) (b1 && b2). -\end{lstlisting} -relates the boolean conjunction \ssrC{&&} to -the logical one \ssrL+/\+. -Note that in \ssrC{andP}, \ssrC{b1} and \ssrC{b2} are two boolean variables and -the proposition \ssrL+b1 /\ b2+ hides two coercions. -The conjunction of \ssrC{b1} and \ssrC{b2} can then be viewed -as \ssrL+b1 /\ b2+ or as \ssrC{b1 && b2}. - - -Expressing logical equivalences through this family of inductive types -makes possible to take benefit from \emph{rewritable equations} -associated to the case analysis of \Coq{}'s inductive types. - -Since the equivalence predicate is defined in \Coq{} as: -\begin{lstlisting} - Definition |*iff*| (A B:Prop) := (A -> B) /\ (B -> A). -\end{lstlisting} -where \ssrC{/\\} is a notation for \ssrC{and}: -\begin{lstlisting} - Inductive |*and*| (A B:Prop) : Prop := - conj : A -> B -> and A B -\end{lstlisting} - -This make case analysis very different according to the way an -equivalence property has been defined. - - -For instance, if we have proved the lemma: -\begin{lstlisting} - Lemma |*andE*|: forall b1 b2, (b1 /\ b2) <-> (b1 && b2). -\end{lstlisting} -let us compare the respective behaviours of \ssrC{andE} and \ssrC{andP} on a -goal: -\begin{lstlisting} - Goal forall b1 b2, if (b1 && b2) then b1 else ~~(b1||b2). -\end{lstlisting} - -The command: -\begin{lstlisting} - move=> b1 b2; case (@andE b1 b2). -\end{lstlisting} -generates a single subgoal: -\begin{lstlisting} - (b1 && b2 -> b1 /\ b2) -> (b1 /\ b2 -> b1 && b2) -> - if b1 && b2 then b1 else ~~ (b1 || b2) -\end{lstlisting} - -while the command: -\begin{lstlisting} - move=> b1 b2; case (@andP b1 b2). -\end{lstlisting} -generates two subgoals, respectively \ssrL+b1 /\ b2 -> b1+ and -\ssrL+~ (b1 /\ b2) -> ~~ (b1 || b2)+. - - - -Expressing reflection relation through the \ssrC{reflect} predicate -is hence a very convenient way to deal with classical reasoning, by -case analysis. Using the \ssrC{reflect} predicate allows moreover to -program rich specifications inside -its two constructors, which will be automatically taken into account -during destruction. This formalisation style gives far more -efficient specifications than quantified (double) implications. - - -A naming convention in \ssr{} is to postfix the name of view lemmas with \ssrC{P}. -For example, \ssrC{orP} relates \ssrC{||} and \ssrL+\/+, \ssrC{negP} relates -\ssrL+~~+ and \ssrL+~+. - -The view mechanism is compatible with \ssrC{reflect} predicates. - -For example, the script -\begin{lstlisting} - Goal forall a b : bool, a -> b -> a /\\ b. - move=> a b Ha Hb; apply/andP. -\end{lstlisting} -changes the goal \ssrL+a /\ b+ to \ssrC{a && b} (see section \ref{ssec:goalinterp}). - -Conversely, the script -\begin{lstlisting} - Goal forall a b : bool, a /\ b -> a. - move=> a b; move/andP. -\end{lstlisting} -changes the goal \ssrL+a /\ b -> a+ into \ssrC{a && b -> a} (see section -\ref{ssec:assumpinterp}). - - -The same tactics can also be used to perform the converse -operation, changing a boolean conjunction into a logical one. The view -mechanism guesses the direction of the -transformation to be used i.e., the constructor of the \ssrC{reflect} -predicate which should be chosen. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{General mechanism for interpreting goals and assumptions} - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Specializing assumptions} -\idx{move/\dots{}} - -The \ssr{} -tactic: - - \ssrC{move/(_} \ssrN[1]{term} $\dots$ \ssrN[n]{term}\ssrC{)} - -\noindent -is equivalent to the tactic: - - \ssrC{intro top; generalize (top} \ssrN[1]{term} $\dots$ \ssrN[n]{term}\ssrC{); clear top.} - -\noindent -where \ssrC{top} is a fresh name for introducing the top assumption of -the current goal. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Interpreting assumptions} -\label{sssec:hypview} -The general form of an assumption view tactic is: - -\begin{center} - \optional{\ssrC{move} {\optsep} \ssrC{case}} \ssrC{/} \ssrN[0]{term} -\end{center} - -The term \ssrN[0]{term}, called the \emph{view lemma} can be: -\begin{itemize} -\item a (term coercible to a) function; -\item a (possibly quantified) implication; -\item a (possibly quantified) double implication; -\item a (possibly quantified) instance of the \ssrC{reflect} predicate - (see section \ref{ssec:reflpred}). -\end{itemize} - -Let \ssrC{top} be the top assumption in the goal. - -There are three steps in the behaviour of an assumption view tactic: -\begin{itemize} -\item It first introduces \ssrL+top+. -\item If the type of \ssrN[0]{term} is neither a double implication nor - an instance of the \ssrC{reflect} predicate, then the tactic - automatically generalises a term of the form: - -\begin{center} - \ssrC{(}\ssrN[0]{term} \ssrN[1]{term} $\dots$ \ssrN[n]{term}\ssrC{)} -\end{center} - - where the terms \ssrN[1]{term} $\dots$ \ssrN[n]{term} instantiate the - possible quantified variables of \ssrN[0]{term}, in order for - \ssrC{(}\ssrN[0]{term} \ssrN[1]{term} $\dots$ \ssrN[n]{term} \ssrC{top)} to be well typed. -\item If the type of $\ssrN[0]{term}$ is an equivalence, or - an instance of the \ssrC{reflect} predicate, it generalises a term of - the form: - \begin{center} - (\ssrN[vh]{term} (\ssrN[0]{term} \ssrN[1]{term} $\dots$ \ssrN[n]{term})) - \end{center} - where the term \ssrN[vh]{term} inserted is called an - \emph{assumption interpretation view hint}. -\item It finally clears \ssrC{top}. -\end{itemize} -For a \ssrC{case/}\ssrN[0]{term} tactic, the generalisation step is -replaced by a case analysis step. - -\emph{View hints} are declared by the user (see section -\ref{ssec:vhints}) and are stored in the \ssrC{Hint View} database. -The proof engine automatically -detects from the shape of the top assumption \ssrC{top} and of the view -lemma $\ssrN[0]{term}$ provided to the tactic the appropriate view hint in -the database to be inserted. - -If $\ssrN[0]{term}$ is a double implication, then the view hint \ssrC{A} will -be one of the defined view hints for implication. These hints are by -default the ones present in the file {\tt ssreflect.v}: -\begin{lstlisting} - Lemma |*iffLR*| : forall P Q, (P <-> Q) -> P -> Q. -\end{lstlisting} -which transforms a double implication into the left-to-right one, or: -\begin{lstlisting} - Lemma |*iffRL*| : forall P Q, (P <-> Q) -> Q -> P. -\end{lstlisting} -which produces the converse implication. In both cases, the two first -\ssrC{Prop} arguments are implicit. - -If $\ssrN[0]{term}$ is an instance of the \ssrC{reflect} predicate, then \ssrC{A} -will be one of the defined view hints for the \ssrC{reflect} -predicate, which are by -default the ones present in the file {\tt ssrbool.v}. -These hints are not only used for choosing the appropriate direction of -the translation, but they also allow complex transformation, involving -negations. - For instance the hint: -\begin{lstlisting} - Lemma |*introN*| : forall (P : Prop) (b : bool), reflect P b -> ~ P -> ~~ b. -\end{lstlisting} -makes the following script: -\begin{lstlisting} - Goal forall a b : bool, a -> b -> ~~ (a && b). - move=> a b Ha Hb. apply/andP. -\end{lstlisting} -transforms the goal into \ssrC{ \~ (a /\ b)}. -In fact\footnote{The current state of the proof shall be displayed by - the \ssrC{Show Proof} command of \Coq{} proof mode.} -this last script does not exactly use the hint \ssrC{introN}, but the -more general hint: -\begin{lstlisting} - Lemma |*introNTF*| : forall (P : Prop) (b c : bool), - reflect P b -> (if c then ~ P else P) -> ~~ b = c -\end{lstlisting} -The lemma \ssrL+|*introN*|+ is an instantiation of \ssrC{introNF} using - \ssrC{c := true}. - -Note that views, being part of \ssrN{i-pattern}, can be used to interpret -assertions too. For example the following script asserts \ssrC{a \&\& b} -but actually used its propositional interpretation. -\begin{lstlisting} - Lemma |*test*| (a b : bool) (pab : b && a) : b. - have /andP [pa ->] : (a && b) by rewrite andbC. -\end{lstlisting} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsubsection*{Interpreting goals} -\idx{apply/\dots{}} - -A goal interpretation view tactic of the form: - -\begin{center} - \ssrC{apply/} \ssrN[0]{term} -\end{center} -applied to a goal \ssrC{top} is interpreted in the following way: -\begin{itemize} -\item If the type of $\ssrN[0]{term}$ is not an instance of the - \ssrC{reflect} predicate, nor an equivalence, - then the term $\ssrN[0]{term}$ is applied to the current goal \ssrC{top}, - possibly inserting implicit arguments. -\item If the type of $\ssrN[0]{term}$ is an instance of the \ssrC{reflect} - predicate or an equivalence, then -a \emph{goal interpretation view hint} can possibly be inserted, which -corresponds to the application of a term -\ssrC{($\ssrN[vh]{term}$ ($\ssrN[0]{term}$ _ $\dots$ _))} to the current -goal, possibly inserting implicit arguments. -\end{itemize} - -Like assumption interpretation view hints, goal interpretation ones -are user defined lemmas stored (see section \ref{ssec:vhints}) in the -\ssrC{Hint View} database bridging -the possible gap between the type of $\ssrN[0]{term}$ and the type of the -goal. - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Interpreting equivalences} -\idx{apply/\dots{}/\dots{}} - -Equivalent boolean propositions are simply \emph{equal} boolean terms. -A special construction helps the user to prove boolean equalities by -considering them as logical double implications (between their coerced -versions), while -performing at the same time logical operations on both sides. - -The syntax of double views is: -\begin{center} - \ssrC{apply/} \ssrN[l]{term} \ssrC{/} \ssrN[r]{term} -\end{center} - -The term \ssrN[l]{term} is the view lemma applied to the left hand side of the -equality, \ssrN[r]{term} is the one applied to the right hand side. - -In this context, the identity view: -\begin{lstlisting} -Lemma |*idP*| : reflect b1 b1. -\end{lstlisting} -is useful, for example the tactic: -\begin{lstlisting} - apply/idP/idP. -\end{lstlisting} -transforms the goal -\ssrL+~~ (b1 || b2)= b3+ - into two subgoals, respectively - \ssrL+~~ (b1 || b2) -> b3+ and \\ -\ssrL+b3 -> ~~ (b1 || b2).+ - -The same goal can be decomposed in several ways, and the user may -choose the most convenient interpretation. For instance, the tactic: -\begin{lstlisting} - apply/norP/idP. -\end{lstlisting} -applied on the same goal \ssrL+~~ (b1 || b2) = b3+ generates the subgoals -\ssrL+~~ b1 /\ ~~ b2 -> b3+ and\\ -\ssrL+b3 -> ~~ b1 /\ ~~ b2+. - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Declaring new \ssrC{Hint View}s}\label{ssec:vhints} -\idxC{Hint View} - -The database of hints for the view mechanism is extensible via a -dedicated vernacular command. As library {\tt ssrbool.v} already -declares a corpus of hints, this feature is probably useful only for -users who define their own logical connectives. Users can declare -their own hints following the syntax used in {\tt ssrbool.v}: - -\begin{center} - \ssrC{Hint View for} {\tac} \ssrC{/} \ssrN{ident} \optional{\ssrC{|}{\naturalnumber}} -\end{center} - - where {\tac}$\in \{$\ssrC{move, apply}$\}$, \ssrN{ident} is the -name of the lemma to be declared as a hint, and ${\naturalnumber}$ a natural -number. If \ssrL+move+ is used as {\tac}, the hint is declared for -assumption interpretation tactics, \ssrL+apply+ declares hints for goal -interpretations. -Goal interpretation view hints are declared for both simple views and -left hand side views. The optional natural number ${\naturalnumber}$ is the -number of implicit arguments to be considered for the declared hint -view lemma \ssrC{name_of_the_lemma}. - -The command: - -\begin{center} - \ssrC{Hint View for apply//} \ssrN{ident}\optional{\ssrC{|}{\naturalnumber}}. -\end{center} - -with a double slash \ssrL+//+, declares hint views for right hand sides of -double views. - - -\noindent See the files {\tt ssreflect.v} and {\tt ssrbool.v} for examples. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection{Multiple views}\label{ssec:multiview} - -The hypotheses and the goal can be interpreted applying multiple views in -sequence. Both \ssrC{move} and \ssrC{apply} can be followed by an arbitrary number -of \ssrC{/}$\ssrN[i]{term}$. The main difference between the following two tactics -\begin{lstlisting} - apply/v1/v2/v3. - apply/v1; apply/v2; apply/v3. -\end{lstlisting} -is that the former applies all the views to the principal goal. -Applying a view with hypotheses generates new goals, and the second line -would apply the view \ssrC{v2} to all the goals generated by \ssrC{apply/v1}. -Note that the NO-OP intro pattern \ssrC{-} can be used to separate two -views, making the two following examples equivalent: -\begin{lstlisting} - move=> /v1; move=> /v2. - move=> /v1-/v2. -\end{lstlisting} - -The tactic \ssrC{move} can be used together with the \ssrC{in} -tactical to pass a given hypothesis to a lemma. For example, if -\ssrC{P2Q : P -> Q } and \ssrC{Q2R : Q -> R}, the following -tactic turns the hypothesis \ssrC{p : P} into \ssrC{P : R}. -\begin{lstlisting} - move/P2Q/Q2R in p. -\end{lstlisting} - -If the list of views is of length two, \ssrC{Hint View}s for interpreting -equivalences are indeed taken into account, otherwise only single -\ssrC{Hint View}s are used. -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\section{\ssr{} searching tool} -\idxC{Search \dots{}} - -\ssr{} proposes an extension of the \ssrC{Search} command. Its syntax is: - -\begin{center} - \ssrC{Search} \optional{\ssrN{pattern}} \optional{\optional{\ssrC{\-}} \optional{\ssrN{string}\optional{\ssrC{\%}\ssrN{key}} {\optsep} \ssrN{pattern}}}$^*$ \optional{\ssrC{in} \optional{\optional{\ssrC{\-}} \ssrN{name} }$^+$} -\end{center} - -% \begin{lstlisting} -% Search [[\~]\ssrN{string}]$^*$ [\ssrN{pattern}] [[$\ssrN[1]{pattern} \dots $ $\ssrN[n]{pattern}$]] $[[$inside$|$outside$]$ $M_1 \dots M_n$]. -% \end{lstlisting} - -% This tactic returns the list of defined constants matching the -% given criteria: -% \begin{itemize} -% \item \ssrL+[[-]\ssrN{string}]$^*$+ is an open sequence of strings, which sould -% all appear in the name of the returned constants. The optional \ssrL+-+ -% prefixes strings that are required \emph{not} to appear. -% % \item \ssrN{pattern} should be a subterm of the -% % \emph{conclusion} of the lemmas found by the command. If a lemma features -% % an occurrence -% % of this pattern only in one or several of its assumptions, it will not be -% % selected by the searching tool. -% \item -% \ssrL=[$\ssrN{pattern}^+$]= -% is a list of \ssr{} terms, which may -% include types, that are required to appear in the returned constants. -% Terms with holes should be surrounded by parentheses. -% \item $\ssrC{in}\ [[\ssrC{\-}]M]^+$ limits the search to the signature -% of open modules given in the list, but the ones preceeded by the -% $\ssrC{\-}$ flag. The -% command: -% \begin{lstlisting} -% Search in M. -% \end{lstlisting} -% is hence a way of obtaining the complete signature of the module \ssrL{M}. -% \end{itemize} -where \ssrN{name} is the name of an open module. -This command search returns the list of lemmas: -\begin{itemize} -\item whose \emph{conclusion} contains a subterm matching the optional - first \ssrN{pattern}. A $\ssrC{-}$ reverses the test, producing the list - of lemmas whose conclusion does not contain any subterm matching - the pattern; -\item whose name contains the given string. A $\ssrC{-}$ prefix reverses - the test, producing the list of lemmas whose name does not contain the - string. A string that contains symbols or -is followed by a scope \ssrN{key}, is interpreted as the constant whose -notation involves that string (e.g., \ssrL=+= for \ssrL+addn+), if this is -unambiguous; otherwise the diagnostic includes the output of the -\ssrC{Locate} vernacular command. - -\item whose statement, including assumptions and types, contains a - subterm matching the next patterns. If a pattern is prefixed by - $\ssrC{-}$, the test is reversed; -\item contained in the given list of modules, except the ones in the - modules prefixed by a $\ssrC{-}$. -\end{itemize} - -Note that: -\begin{itemize} -\item As for regular terms, patterns can feature scope - indications. For instance, the command: -\begin{lstlisting} - Search _ (_ + _)%N. -\end{lstlisting} -lists all the lemmas whose statement (conclusion or hypotheses) -involve an application of the binary operation denoted by the infix -\ssrC{+} symbol in the \ssrC{N} scope (which is \ssr{} scope for natural numbers). -\item Patterns with holes should be surrounded by parentheses. -\item Search always volunteers the expansion of the notation, avoiding the - need to execute Locate independently. Moreover, a string fragment - looks for any notation that contains fragment as - a substring. If the \ssrL+ssrbool+ library is imported, the command: -\begin{lstlisting} - Search "~~". -\end{lstlisting} -answers : -\begin{lstlisting} -"~~" is part of notation (~~ _) -In bool_scope, (~~ b) denotes negb b -negbT forall b : bool, b = false -> ~~ b -contra forall c b : bool, (c -> b) -> ~~ b -> ~~ c -introN forall (P : Prop) (b : bool), reflect P b -> ~ P -> ~~ b -\end{lstlisting} - \item A diagnostic is issued if there are different matching notations; - it is an error if all matches are partial. -\item Similarly, a diagnostic warns about multiple interpretations, and - signals an error if there is no default one. -\item The command \ssrC{Search in M.} -is a way of obtaining the complete signature of the module \ssrL{M}. -\item Strings and pattern indications can be interleaved, but the - first indication has a special status if it is a pattern, and only - filters the conclusion of lemmas: -\begin{itemize} - \item The command : - \begin{lstlisting} - Search (_ =1 _) "bij". - \end{lstlisting} -lists all the lemmas whose conclusion features a '$\ssrC{=1}$' and whose -name contains the string \verb+bij+. -\item The command : - \begin{lstlisting} - Search "bij" (_ =1 _). - \end{lstlisting} -lists all the lemmas whose statement, including hypotheses, features a -'$\ssrC{=1}$' and whose name contains the string \verb+bij+. - -\end{itemize} - -\end{itemize} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\section{Synopsis and Index} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection*{Parameters} - -\begin{minipage}[c]{\textwidth}\renewcommand{\footnoterule}{} -\begin{longtable}{lcl} -\ssrN{d-tactic} && one of the - \ssrC{elim}, \ssrC{case}, \ssrC{congr}, \ssrC{apply}, \ssrC{exact} - and \ssrC{move} \ssr{} tactics \\ -\ssrN{fix-body} && standard \Coq{} \textit{fix\_body}\\ -\ssrN{ident} && standard \Coq{} identifier\\ -\ssrN{int} && integer literal \\ -\ssrN{key} && notation scope\\ -\ssrN{name} && module name\\ -${\naturalnumber}$ && \ssrN{int} or Ltac variable denoting a standard \Coq{} numeral\footnote{The name of this Ltac variable should not be the name of a tactic which can be followed by a bracket - \ssrL+[+, like \ssrL+do+, \ssrL+ have+,\dots}\\ -\ssrN{pattern} && synonym for {\term}\\ -\ssrN{string} && standard \Coq{} string\\ -{\tac} && standard \Coq{} tactic or \ssr{} tactic\\ -{\term} & \hspace{1cm} & Gallina term, possibly containing wildcards\\ -%\ssrN{view} && global constant\\ -\end{longtable} -\end{minipage} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection*{Items and switches} - -\begin{longtable}{lclr} -\ssrN{binder} & {\ident} {\optsep} \ssrC{(} {\ident} \optional{\ssrC{:} {\term} } \ssrC{)} & binder& p. \pageref{ssec:pose}\\ -\\ -\ssrN{clear-switch} & \ssrC{\{} {\ident}$^+$ \ssrC{\}} & clear switch & p. \pageref{ssec:discharge}\\ -\\ -\ssrN{c-pattern} & \optional{{\term} \ssrC{in} {\optsep} {\term} \ssrC{as}} {\ident} \ssrC{in} {\term} & context pattern & p. \pageref{ssec:rewp} \\ -\\ -\ssrN{d-item} & \optional{\ssrN{occ-switch} {\optsep} \ssrN{clear-switch}} \optional{{\term} {\optsep} \ssrC{(}\ssrN{c-pattern}\ssrC{)}} & discharge item & p. \pageref{ssec:discharge}\\ -\\ -\ssrN{gen-item} & \optional{\ssrC{@}}{\ident} {\optsep} \ssrC{(}{\ident}\ssrC{)} {\optsep} \ssrC{(}\optional{\ssrC{@}}{\ident} \ssrC{:=} \ssrN{c-pattern}\ssrC{)} & generalization item & p. \pageref{ssec:struct}\\ -\\ -\ssrN{i-pattern} & {\ident} {\optsep} \ssrC{_} {\optsep} \ssrC{?} {\optsep} \ssrC{*} {\optsep} \optional{\ssrN{occ-switch}}\ssrC{->} {\optsep} \optional{\ssrN{occ-switch}}\ssrC{<-} {\optsep} & intro pattern & p. \pageref{ssec:intro}\\ -& \ssrC{[} \ssrN{i-item}$^*$ \ssrC{|} $\dots$ \ssrC{|} \ssrN{i-item}$^*$ \ssrC{]} {\optsep} \ssrC{-} {\optsep} \ssrC{[:} {\ident}$^+$\ssrC{]} &\\ -\\ -\ssrN{i-item} & \ssrN{clear-switch} {\optsep} \ssrN{s-item} {\optsep} \ssrN{i-pattern} {\optsep} \ssrC{/}{\term} & intro item & p. \pageref{ssec:intro}\\ -\\ -\ssrN{int-mult} & \optional{{\naturalnumber}} \ssrN{mult-mark} & multiplier & p. \pageref{ssec:iter}\\ -\\ -\ssrN{occ-switch} & \ssrC{\{} \optional{\ssrC{+} {\optsep} \ssrC{-}} {\naturalnumber}$^*$\ssrC{\}} & occur. switch & p. \pageref{sssec:occselect}\\ -\\ -\ssrN{mult} & \optional{{\naturalnumber}} \ssrN{mult-mark} & multiplier & p. \pageref{ssec:iter}\\ -\\ -\ssrN{mult-mark} & \ssrC{?} {\optsep} \ssrC{!} & multiplier mark & p. \pageref{ssec:iter}\\ -\\ -\ssrN{r-item} & \optional{\ssrC{/}} {\term} {\optsep} \ssrN{s-item} & rewrite item & p. \pageref{ssec:extrw}\\ -\\ -\ssrN{r-prefix} & \optional{\ssrC{-}} \optional{\ssrN{int-mult}} \optional{\ssrN{occ-switch} {\optsep} \ssrN{clear-switch}} \optional{\ssrC{[}\ssrN{r-pattern}\ssrC{]}} & rewrite prefix & p. \pageref{ssec:extrw}\\ -\\ -\ssrN{r-pattern} & {\term} {\optsep} \ssrN{c-pattern} {\optsep} \ssrC{in} \optional{{\ident} \ssrC{in}} {\term} & rewrite pattern & p. \pageref{ssec:extrw}\\ -\\ -\ssrN{r-step} & \optional{\ssrN{r-prefix}}\ssrN{r-item} & rewrite step & p. \pageref{ssec:extrw}\\ -\\ -\ssrN{s-item} & \ssrC{/=} {\optsep} \ssrC{//} {\optsep} \ssrC{//=} & simplify switch & p. \pageref{ssec:intro}\\ -\\ -\end{longtable} - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection*{Tactics} -\emph{Note}: \ssrC{without loss} and \ssrC{suffices} are synonyms for \ssrC{wlog} and -\ssrC{suff} respectively. - -\begin{longtable}{llr} -\ssrC{move} & \textcolor{dkblue}{\texttt{idtac}} or \ssrC{hnf}& p. \pageref{ssec:profstack} \\ -\ssrC{apply} & application & p. \pageref{ssec:basictac}\\ -\ssrC{exact} &&\\ -\ssrC{abstract} && p. \pageref{ssec:abstract}, \pageref{sec:havetransparent}\\ -\\ -\ssrC{elim} & induction & p. \pageref{ssec:basictac}\\ -\ssrC{case} & case analysis & p. \pageref{ssec:basictac}\\ -\\ -\ssrC{rewrite} \ssrN{rstep}$^+$ & rewrite& p. \pageref{ssec:extrw}\\ -\\ -\ssrC{have} \ssrN{i-item}$^*$ \optional{\ssrN{i-pattern}} \optional{\ssrN{s-item} {\optsep} \ssrN{binder}$^+$} \optional{\ssrC{:} {\term}} \ssrC{:=} {\term} & forward & p. \pageref{ssec:struct}\\ -\ssrC{have} \ssrN{i-item}$^*$ \optional{\ssrN{i-pattern}} \optional{\ssrN{s-item}{\optsep} \ssrN{binder}$^+$} \ssrC{:} {\term} \optional{\ssrC{by} {\tac}} & chaining & \\ -\ssrC{have suff} \optional{\ssrN{clear-switch}} \optional{\ssrN{i-pattern}} \optional{\ssrC{:} {\term}} \ssrC{:=} {\term} & & \\ -\ssrC{have suff} \optional{\ssrN{clear-switch}} \optional{\ssrN{i-pattern}} \ssrC{:} {\term} \optional{\ssrC{by} {\tac}} & & \\ -\ssrC{gen have} \optional{{\ident}\ssrC{,}} \optional{\ssrN{i-pattern}} \ssrC{:} \ssrN{gen-item}$^+$ \ssrC{/} {\term} \optional{\ssrC{by} {\tac}} & & \\ -\\ -\ssrC{wlog} \optional{\ssrC{suff}} \optional{\ssrN{i-item}} \ssrC{:} \optional{\ssrN{gen-item}{\optsep} \ssrN{clear-switch}}$^*$ \ssrC{/} {\term} & specializing & p. \pageref{ssec:struct} \\ -\\ -\ssrC{suff} \ssrN{i-item}$^*$ \optional{\ssrN{i-pattern}} \optional{\ssrN{binder}$^+$} \ssrC{:} {\term} \optional{\ssrC{by} {\tac}} & backchaining & p. \pageref{ssec:struct}\\ -\ssrC{suff} \optional{\ssrC{have}} \optional{\ssrN{clear-switch}} \optional{\ssrN{i-pattern}} \ssrC{:} {\term} \optional{\ssrC{by} {\tac}} & & \\ -\\ -\ssrC{pose} {\ident} \ssrC{:=} {\term} & local definition& p. \pageref{ssec:pose}\\ -\ssrC{pose} {\ident} \ssrN{binder}$^+$ \ssrC{:=} {\term} & \rlap{local function definition}& \\ -\ssrC{pose fix} \ssrN{fix-body} & \rlap{local fix definition} & \\ -\ssrC{pose cofix} \ssrN{fix-body} & \rlap{local cofix definition} & \\ -\\ -\ssrC{set} {\ident} \optional{\ssrC{:} {\term}} \ssrC{:=} \optional{\ssrN{occ-switch}} \optional{{\term}{\optsep} \ssrC{(}\ssrN{c-pattern}\ssrC{)}} & abbreviation&p. \pageref{ssec:set}\\ -\\ -\ssrC{unlock} \optional{\ssrN{r-prefix}]{\ident}}$^*$ & unlock & p. \pageref{ssec:lock}\\ -\\ -\ssrC{congr} \optional{\naturalnumber} {\term} & congruence& p. \pageref{ssec:congr}\\ -\end{longtable} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection*{Tacticals} - -\begin{longtable}{lclr} -\ssrN{d-tactic} \optional{\ident} \ssrC{:} \ssrN{d-item}$^{+}$ \optional{\ssrN{clear-switch}} & & discharge & p. \pageref{ssec:discharge}\\ -\\ -{\tac} \ssrC{=>} \ssrN{i-item}$^+$ && introduction & p. \pageref{ssec:intro}\\ -\\ -{\tac} \ssrC{in} \optional{\ssrN{gen-item} {\optsep} \ssrN{clear-switch}}$^+$ \optional{\ssrC{*}} && localization & p. \pageref{ssec:gloc}\\ -\\ -\ssrC{do} \optional{\ssrN{mult}} \ssrC{[} \nelist{\tac}{|} \ssrC{]}&& iteration & p. \pageref{ssec:iter}\\ -\ssrC{do} \ssrN{mult} {\tac} &&& \\ -\\ -{\tac} \ssrC{ ; first} \optional{\naturalnumber} \ssrC{[}\nelist{\tac}{|}\ssrC{]} && selector & p. \pageref{ssec:select}\\ -{\tac} \ssrC{ ; last} \optional{\naturalnumber} \ssrC{[}\nelist{\tac}{|}\ssrC{]} \\ -{\tac} \ssrC{ ; first} \optional{\naturalnumber} \ssrC{last} && subgoals & p. \pageref{ssec:select}\\ -{\tac} \ssrC{; last} \optional{\naturalnumber} \ssrC{first} && rotation & \\ -\\ -\ssrC{by [} \nelist{\tac}{|} \ssrC{]} && closing & p. \pageref{ssec:termin}\\ -\ssrC{by []} \\ -\ssrC{by} {\tac} \\ -\end{longtable} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\subsection*{Commands} -\begin{longtable}{lclr} -\ssrL+Hint View for+ \optional{\ssrL+move+ {\it |} \ssrL+apply+} {\tt /} {\ident} \optional{{\tt|} {\naturalnumber}} && view hint -declaration & p. \pageref{ssec:vhints}\\ -\\ -\ssrL+Hint View for apply//+ {\ident} \optional{{\tt|}{\naturalnumber}} && right hand side double - & p. \pageref{ssec:vhints}\\ -&& view hint declaration &\\ -\\ -%\ssrL+Import Prenex Implicits+ && enable prenex implicits & -%p. \pageref{ssec:parampoly}\\ -%\\ -\ssrL+Prenex Implicits+ {\ident}$^+$ & \hspace{.6cm} & prenex implicits decl. - & p. \pageref{ssec:parampoly}\\ - -\end{longtable} - -\iffalse - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\section{Changes} - -\subsection{\ssr{} version 1.3} -All changes are retrocompatible extensions but for: -\begin{itemize} -\item Occurrences in the type family switch now refer only to the goal, while - before they used to refer also to the types in the abstractions of the - predicate used by the eliminator. This bug used to affect lemmas like - \ssrC{boolP}. See the relative comments in \ssrC{ssrbool.v}. -\item Clear switches can only mention existing hypothesis and - otherwise fail. This can in particular affect intro patterns - simultaneously applied to several goals. - % commit: 2686 -\item A bug in the \ssrC{rewrite} tactic allowed to - instantiate existential metavariables occurring in the goal. - This is not the case any longer (see section~\ref{ssec:rewcaveats}). -\item The \ssrC{fold} and \ssrC{unfold} \ssrN{r-items} for \ssrC{rewrite} used to - fail silently when used in combination with a \ssrN{r-pattern} matching no - goal subterm. They now fail. The old behavior can be obtained using - the \ssrC{?} multiplier (see section~\ref{ssec:extrw}). -\item \Coq{} 8.2 users with a statically linked toplevel must comment out the\\ - \ssrC{Declare ML Module "ssreflect".}\\ - line at the beginning of \ssrC{ssreflect.v} to compile the 1.3 library. -\end{itemize} -New features: -\begin{itemize} -\item Contextual \ssrC{rewrite} patterns. - The context surrounding the redex can now be used to specify which - redex occurrences should be rewritten (see section~\ref{ssec:rewp}).\\ - \ssrC{rewrite [in X in _ = X]addnC.} - % commit: 2690, 2689, 2718, 2733 -\item Proof irrelevant interpretation of goals with existential metavariables. - Goals containing an existential metavariable of sort \ssrC{Prop} are - generalized over it, and a new goal for the missing subproof is - generated (see page~\pageref{sssec:apply} and - section~\ref{ssec:rewcaveats}).\\ - \ssrC{apply: (ex_intro _ (@Ordinal _ y _)).}\\ - \ssrC{rewrite insubT.} - % commit: 2553, 2544, 2543, 2733 -\item Views are now part of \ssrN{i-pattern} and can thus be used - inside intro patterns (see section~\ref{ssec:intro}).\\ - \ssrC{move=> a b /andP [Ha Hb].} - % commit: 2720 -\item Multiple views for \ssrC{move}, \ssrC{move $\dots$ in} and \ssrC{apply} - (see section~\ref{ssec:multiview}).\\ - \ssrC{move/v1/v2/v3.}\\ - \ssrC{move/v1/v2/v3 in H.}\\ - \ssrC{apply/v1/v2/v3.} - % commit: 2720 -\item \ssrC{have} and \ssrC{suff} idiom with view (see section~\ref{sssec:hypview}). -\begin{lstlisting} - Lemma |*test*| (a b : bool) (pab : a && b) : b. - have {pab} /= /andP [pa ->] // : true && (a && b) := pab. -\end{lstlisting} - % commit: 2726 -\item \ssrC{have suff}, \ssrC{suff have} and \ssrC{wlog suff} forward reasoning - tactics (see section~\ref{ssec:struct}).\\ - \ssrC{have suff H : P.} - % commit: 2633 -\item Binders support in \ssrC{have} (see section~\ref{sssec:have}).\\ - \ssrC{have H x y (r : R x y) : P x -> Q y.} - % commit: 2633 -\item Deferred clear switches. Clears are deferred to the end of the - intro pattern. In the meanwhile, cleared variables are still - part of the context, thus the goal can mention them, but are - renamed to non accessible dummy names (see section~\ref{ssec:intro}).\\ - \ssrC{suff: G \\x H = K; first case/dprodP=> \{G H\} [[G H -> -> defK]].} - % commit: 2660 -\item Relaxed alternation condition in intro patterns. The - \ssrN{i-item} grammar rule is simplified (see section~\ref{ssec:intro}).\\ - \ssrC{move=> a \{H\} /= \{H1\} // b c /= \{H2\}.} - % commit: 2713 -\item Occurrence selection for \ssrC{->} and \ssrC{<-} intro pattern - (see section~\ref{ssec:intro}).\\ - \ssrC{move=> a b H \{2\}->.} - % commit: 2714 -\item Modifiers for the discharging '\ssrC{:}' and \ssrC{in} tactical to override - the default behavior when dealing with local definitions (let-in): - \ssrC{@f} forces the body of \ssrC{f} to be kept, \ssrC{(f)} forces the body of - \ssrC{f} to be dropped (see sections~\ref{ssec:discharge} - and~\ref{ssec:gloc}).\\ - \ssrC{move: x y @f z.}\\ - \ssrC{rewrite rule in (f) $\;\;$H.} - %commit: 2659, 2710 -\item Type family switch in \ssrC{elim} and \ssrC{case} - can contain patterns with occurrence switch - (see section~\ref{ssec:typefam}).\\ - \ssrC{case: \{2\}(_ == x) / eqP.} - % commit: 2593, 2598, 2539, 2538, 2527, 2529 -\item Generic second order predicate support for \ssrC{elim} - (see section~\ref{sec:views}).\\ - \ssrC{elim/big\_prop: _} - % commit: 2767 -\item The \ssrC{congr} tactic now also works on products (see - section~\ref{ssec:congr}). -\begin{lstlisting} - Lemma |*test*| x (H : P x) : P y. - congr (P _): H. -\end{lstlisting} - % commit: 2608 -\item Selectors now support Ltac variables - (see section~\ref{ssec:select}).\\ - \ssrC{let n := 3 in tac; first n last.} - % commit: 2725 -\item Deprecated use of \ssrC{Import Prenex Implicits} directive. - It must be replaced with the \Coq{} \ssrC{Unset Printing - Implicit Defensive} vernacular command. -\item New synonym \ssrC{Canonical} for \ssrC{Canonical Structure}. -\end{itemize} -\subsection{\ssr{} version 1.4} -New features: -\begin{itemize} -\item User definable recurrent contexts (see section~\ref{ssec:rewp}).\\ - \ssrC{Notation RHS := (X in _ = X)\%pattern} -\item Contextual patterns in - \ssrC{set} and `\ssrC{:}' (see section~\ref{ssec:rewp}).\\ - \ssrC{set t := (a + _ in RHS)} -\item NO-OP intro pattern (see section~\ref{ssec:intro}).\\ - \ssrC{move=> /eqP-H /fooP-/barP} -\item \ssrC{if $\ {\term}\ $ isn't $\ \ssrN{pattern}\ $ then $\ {\term}\ $ - else $\ {\term}\ $} notation (see section~\ref{ssec:patcond}).\\ - \ssrC{if x isn't Some y then simple else complex y} -\end{itemize} -\subsection{\ssr{} version 1.5} -Incompatibilities: -\begin{itemize} -\item The \ssrC{have} tactic now performs type classes resolution. The old - behavior can be restored with \ssrC{Set SsrHave NoTCResolution} -\end{itemize} -Fixes: -\begin{itemize} -\item The \ssrC{let foo := type of t in} syntax of standard \ssrC{Ltac} has - been made compatible with \ssr{} and can be freely used even if - the \ssr{} plugin is loaded -\end{itemize} -New features: -\begin{itemize} -\item Generalizations supported in have (see section~\ref{ssec:struct}).\\ - \ssrC{generally have hx2px, pa : a ha / P a.} -\item Renaming and patterns in wlog (see section~\ref{ssec:struct} and - page \pageref{par:advancedgen}).\\ - \ssrC{wlog H : (n := m)$\;$ (x := m + _)$\;$ / T x}.\\ - \ssrC{wlog H : (n := m)$\;$ (@ldef := secdef m)$\;$ / T x}. -\item Renaming, patterns and clear switches in \ssrC{in} - tactical (see section~\ref{ssec:gloc}).\\ - \ssrC{$\dots$ in H1 \{H2\} (n := m).} -\item Handling of type classes in \ssrC{have} - (see page~\pageref{ssec:havetcresolution}).\\ - \ssrC{have foo : ty. (* TC inference for ty *)}\\ - \ssrC{have foo : ty := . (* no TC inference for ty *)}\\ - \ssrC{have foo : ty := t. (* no TC inference for ty and t *)}\\ - \ssrC{have foo := t. (* no TC inference for t *)} -\item Transparent flag for \ssrC{have} to generate a \ssrC{let in} context entry - (see page~\pageref{sec:havetransparent}).\\ - \ssrC{have @i : 'I\_n by apply: (Sub m); auto.} -\item Intro pattern \ssrC{[: foo bar ]} to create abstract variables - (see page~\pageref{ssec:introabstract}). -\item Tactic \ssrC{abstract:} to assign an abstract variable - (see page~\pageref{ssec:abstract}).\\ - \ssrC{have [: blurb ] @i : 'I\_n by apply: (Sub m); abstract: blurb; auto.}\\ - \ssrC{have [: blurb ] i : 'I\_n := Sub m blurb; first by auto.} - -\end{itemize} - -\fi diff --git a/doc/refman/RefMan-syn.tex b/doc/refman/RefMan-syn.tex deleted file mode 100644 index eecb5ac7c0..0000000000 --- a/doc/refman/RefMan-syn.tex +++ /dev/null @@ -1,1251 +0,0 @@ -\chapter[Syntax extensions and interpretation scopes]{Syntax extensions and interpretation scopes\label{Addoc-syntax}} -%HEVEA\cutname{syntax-extensions.html} - -In this chapter, we introduce advanced commands to modify the way -{\Coq} parses and prints objects, i.e. the translations between the -concrete and internal representations of terms and commands. The main -commands are {\tt Notation} and {\tt Infix} which are described in -section \ref{Notation}. It also happens that the same symbolic -notation is expected in different contexts. To achieve this form of -overloading, {\Coq} offers a notion of interpretation scope. This is -described in Section~\ref{scopes}. - -\Rem The commands {\tt Grammar}, {\tt Syntax} and {\tt Distfix} which -were present for a while in {\Coq} are no longer available from {\Coq} -version 8.0. The underlying AST structure is also no longer available. -The functionalities of the command {\tt Syntactic Definition} are -still available; see Section~\ref{Abbreviations}. - -\section[Notations]{Notations\label{Notation} -\comindex{Notation}} - -\subsection{Basic notations} - -A {\em notation} is a symbolic abbreviation denoting some term -or term pattern. - -A typical notation is the use of the infix symbol \verb=/\= to denote -the logical conjunction (\texttt{and}). Such a notation is declared -by - -\begin{coq_example*} -Notation "A /\ B" := (and A B). -\end{coq_example*} - -The expression \texttt{(and A B)} is the abbreviated term and the -string \verb="A /\ B"= (called a {\em notation}) tells how it is -symbolically written. - -A notation is always surrounded by double quotes (except when the -abbreviation is a single identifier; see \ref{Abbreviations}). The -notation is composed of {\em tokens} separated by spaces. Identifiers -in the string (such as \texttt{A} and \texttt{B}) are the {\em -parameters} of the notation. They must occur at least once each in the -denoted term. The other elements of the string (such as \verb=/\=) are -the {\em symbols}. - -An identifier can be used as a symbol but it must be surrounded by -simple quotes to avoid the confusion with a parameter. Similarly, -every symbol of at least 3 characters and starting with a simple quote -must be quoted (then it starts by two single quotes). Here is an example. - -\begin{coq_example*} -Notation "'IF' c1 'then' c2 'else' c3" := (IF_then_else c1 c2 c3). -\end{coq_example*} - -%TODO quote the identifier when not in front, not a keyword, as in "x 'U' y" ? - -A notation binds a syntactic expression to a term. Unless the parser -and pretty-printer of {\Coq} already know how to deal with the -syntactic expression (see \ref{ReservedNotation}), explicit precedences and -associativity rules have to be given. - -\Rem The right-hand side of a notation is interpreted at the time the -notation is given. In particular, implicit arguments (see -Section~\ref{Implicit Arguments}), coercions (see -Section~\ref{Coercions}), etc. are resolved at the time of the -declaration of the notation. - -\subsection[Precedences and associativity]{Precedences and associativity\index{Precedences} -\index{Associativity}} - -Mixing different symbolic notations in the same text may cause serious -parsing ambiguity. To deal with the ambiguity of notations, {\Coq} -uses precedence levels ranging from 0 to 100 (plus one extra level -numbered 200) and associativity rules. - -Consider for example the new notation - -\begin{coq_example*} -Notation "A \/ B" := (or A B). -\end{coq_example*} - -Clearly, an expression such as {\tt forall A:Prop, True \verb=/\= A \verb=\/= -A \verb=\/= False} is ambiguous. To tell the {\Coq} parser how to -interpret the expression, a priority between the symbols \verb=/\= and -\verb=\/= has to be given. Assume for instance that we want conjunction -to bind more than disjunction. This is expressed by assigning a -precedence level to each notation, knowing that a lower level binds -more than a higher level. Hence the level for disjunction must be -higher than the level for conjunction. - -Since connectives are not tight articulation points of a text, it -is reasonable to choose levels not so far from the highest level which -is 100, for example 85 for disjunction and 80 for -conjunction\footnote{which are the levels effectively chosen in the -current implementation of {\Coq}}. - -Similarly, an associativity is needed to decide whether {\tt True \verb=/\= -False \verb=/\= False} defaults to {\tt True \verb=/\= (False -\verb=/\= False)} (right associativity) or to {\tt (True -\verb=/\= False) \verb=/\= False} (left associativity). We may -even consider that the expression is not well-formed and that -parentheses are mandatory (this is a ``no associativity'')\footnote{ -{\Coq} accepts notations declared as no associative but the parser on -which {\Coq} is built, namely {\camlpppp}, currently does not implement the -no-associativity and replaces it by a left associativity; hence it is -the same for {\Coq}: no-associativity is in fact left associativity}. -We don't know of a special convention of the associativity of -disjunction and conjunction, so let's apply for instance a right -associativity (which is the choice of {\Coq}). - -Precedence levels and associativity rules of notations have to be -given between parentheses in a list of modifiers that the -\texttt{Notation} command understands. Here is how the previous -examples refine. - -\begin{coq_example*} -Notation "A /\ B" := (and A B) (at level 80, right associativity). -Notation "A \/ B" := (or A B) (at level 85, right associativity). -\end{coq_example*} - -By default, a notation is considered non associative, but the -precedence level is mandatory (except for special cases whose level is -canonical). The level is either a number or the phrase {\tt next -level} whose meaning is obvious. The list of levels already assigned -is on Figure~\ref{init-notations}. - -\subsection{Complex notations} - -Notations can be made from arbitrarily complex symbols. One can for -instance define prefix notations. - -\begin{coq_example*} -Notation "~ x" := (not x) (at level 75, right associativity). -\end{coq_example*} - -One can also define notations for incomplete terms, with the hole -expected to be inferred at typing time. - -\begin{coq_example*} -Notation "x = y" := (@eq _ x y) (at level 70, no associativity). -\end{coq_example*} - -One can define {\em closed} notations whose both sides are symbols. In -this case, the default precedence level for inner subexpression is 200. - -\begin{coq_eval} -Set Printing Depth 50. -(********** The following is correct but produces **********) -(**** an incompatibility with the reserved notation ********) -\end{coq_eval} -\begin{coq_example*} -Notation "( x , y )" := (@pair _ _ x y) (at level 0). -\end{coq_example*} - -One can also define notations for binders. - -\begin{coq_eval} -Set Printing Depth 50. -(********** The following is correct but produces **********) -(**** an incompatibility with the reserved notation ********) -\end{coq_eval} -\begin{coq_example*} -Notation "{ x : A | P }" := (sig A (fun x => P)) (at level 0). -\end{coq_example*} - -In the last case though, there is a conflict with the notation for -type casts. This last notation, as shown by the command {\tt Print Grammar -constr} is at level 100. To avoid \verb=x : A= being parsed as a type cast, -it is necessary to put {\tt x} at a level below 100, typically 99. Hence, a -correct definition is - -\begin{coq_example*} -Notation "{ x : A | P }" := (sig A (fun x => P)) (at level 0, x at level 99). -\end{coq_example*} - -%This change has retrospectively an effect on the notation for notation -%{\tt "{ A } + { B }"}. For the sake of factorization, {\tt A} must be -%put at level 99 too, which gives -% -%\begin{coq_example*} -%Notation "{ A } + { B }" := (sumbool A B) (at level 0, A at level 99). -%\end{coq_example*} - -See the next section for more about factorization. - -\subsection{Simple factorization rules} - -{\Coq} extensible parsing is performed by Camlp5 which is essentially a -LL1 parser. Hence, some care has to be taken not to hide already -existing rules by new rules. Some simple left factorization work has -to be done. Here is an example. - -\begin{coq_eval} -(********** The next rule for notation _ < _ < _ produces **********) -(*** Error: Notation _ < _ < _ is already defined at level 70 ... ***) -\end{coq_eval} -\begin{coq_example*} -Notation "x < y" := (lt x y) (at level 70). -Notation "x < y < z" := (x < y /\ y < z) (at level 70). -\end{coq_example*} - -In order to factorize the left part of the rules, the subexpression -referred by {\tt y} has to be at the same level in both rules. However -the default behavior puts {\tt y} at the next level below 70 -in the first rule (no associativity is the default), and at the level -200 in the second rule (level 200 is the default for inner expressions). -To fix this, we need to force the parsing level of {\tt y}, -as follows. - -\begin{coq_example*} -Notation "x < y" := (lt x y) (at level 70). -Notation "x < y < z" := (x < y /\ y < z) (at level 70, y at next level). -\end{coq_example*} - -For the sake of factorization with {\Coq} predefined rules, simple -rules have to be observed for notations starting with a symbol: -e.g. rules starting with ``\{'' or ``('' should be put at level 0. The -list of {\Coq} predefined notations can be found in Chapter~\ref{Theories}. - -The command to display the current state of the {\Coq} term parser is -\comindex{Print Grammar constr} - -\begin{quote} -\tt Print Grammar constr. -\end{quote} - -\variant - -\comindex{Print Grammar pattern} -{\tt Print Grammar pattern.}\\ - -This displays the state of the subparser of patterns (the parser -used in the grammar of the {\tt match} {\tt with} constructions). - -\subsection{Displaying symbolic notations} - -The command \texttt{Notation} has an effect both on the {\Coq} parser and -on the {\Coq} printer. For example: - -\begin{coq_example} -Check (and True True). -\end{coq_example} - -However, printing, especially pretty-printing, requires -more care than parsing. We may want specific indentations, -line breaks, alignment if on several lines, etc. - -The default printing of notations is very rudimentary. For printing a -notation, a {\em formatting box} is opened in such a way that if the -notation and its arguments cannot fit on a single line, a line break -is inserted before the symbols of the notation and the arguments on -the next lines are aligned with the argument on the first line. - -A first, simple control that a user can have on the printing of a -notation is the insertion of spaces at some places of the -notation. This is performed by adding extra spaces between the symbols -and parameters: each extra space (other than the single space needed -to separate the components) is interpreted as a space to be inserted -by the printer. Here is an example showing how to add spaces around -the bar of the notation. - -\begin{coq_example} -Notation "{{ x : A | P }}" := (sig (fun x : A => P)) - (at level 0, x at level 99). -Check (sig (fun x : nat => x=x)). -\end{coq_example} - -The second, more powerful control on printing is by using the {\tt -format} modifier. Here is an example - -\begin{small} -\begin{coq_example} -Notation "'If' c1 'then' c2 'else' c3" := (IF_then_else c1 c2 c3) -(at level 200, right associativity, format -"'[v ' 'If' c1 '/' '[' 'then' c2 ']' '/' '[' 'else' c3 ']' ']'"). -\end{coq_example} -\end{small} - -A {\em format} is an extension of the string denoting the notation with -the possible following elements delimited by single quotes: - -\begin{itemize} -\item extra spaces are translated into simple spaces -\item tokens of the form \verb='/ '= are translated into breaking point, - in case a line break occurs, an indentation of the number of spaces - after the ``\verb=/='' is applied (2 spaces in the given example) -\item token of the form \verb='//'= force writing on a new line -\item well-bracketed pairs of tokens of the form \verb='[ '= and \verb=']'= - are translated into printing boxes; in case a line break occurs, - an extra indentation of the number of spaces given after the ``\verb=[='' - is applied (4 spaces in the example) -\item well-bracketed pairs of tokens of the form \verb='[hv '= and \verb=']'= - are translated into horizontal-orelse-vertical printing boxes; - if the content of the box does not fit on a single line, then every breaking - point forces a newline and an extra indentation of the number of spaces - given after the ``\verb=[='' is applied at the beginning of each newline - (3 spaces in the example) -\item well-bracketed pairs of tokens of the form \verb='[v '= and - \verb=']'= are translated into vertical printing boxes; every - breaking point forces a newline, even if the line is large enough to - display the whole content of the box, and an extra indentation of the - number of spaces given after the ``\verb=[='' is applied at the beginning - of each newline -\end{itemize} - -%Thus, for the previous example, we get -%\footnote{The ``@'' is here to shunt -%the notation "'IF' A 'then' B 'else' C" which is defined in {\Coq} -%initial state}: - -Notations do not survive the end of sections. No typing of the denoted -expression is performed at definition time. Type-checking is done only -at the time of use of the notation. - -\begin{coq_example} -Check - (IF_then_else (IF_then_else True False True) - (IF_then_else True False True) - (IF_then_else True False True)). -\end{coq_example} - -\Rem -Sometimes, a notation is expected only for the parser. -%(e.g. because -%the underlying parser of {\Coq}, namely {\camlpppp}, is LL1 and some extra -%rules are needed to circumvent the absence of factorization). -To do so, the option {\em only parsing} is allowed in the list of modifiers of -\texttt{Notation}. - -Conversely, the {\em only printing} can be used to declare -that a notation should only be used for printing and should not declare a -parsing rule. In particular, such notations do not modify the parser. - -\subsection{The \texttt{Infix} command -\comindex{Infix}} - -The \texttt{Infix} command is a shortening for declaring notations of -infix symbols. Its syntax is - -\begin{quote} -\noindent\texttt{Infix "{\symbolentry}" :=} {\qualid} {\tt (} \nelist{\em modifier}{,} {\tt )}. -\end{quote} - -and it is equivalent to - -\begin{quote} -\noindent\texttt{Notation "x {\symbolentry} y" := ({\qualid} x y) (} \nelist{\em modifier}{,} {\tt )}. -\end{quote} - -where {\tt x} and {\tt y} are fresh names distinct from {\qualid}. Here is an example. - -\begin{coq_example*} -Infix "/\" := and (at level 80, right associativity). -\end{coq_example*} - -\subsection{Reserving notations -\label{ReservedNotation} -\comindex{Reserved Notation}} - -A given notation may be used in different contexts. {\Coq} expects all -uses of the notation to be defined at the same precedence and with the -same associativity. To avoid giving the precedence and associativity -every time, it is possible to declare a parsing rule in advance -without giving its interpretation. Here is an example from the initial -state of {\Coq}. - -\begin{coq_example} -Reserved Notation "x = y" (at level 70, no associativity). -\end{coq_example} - -Reserving a notation is also useful for simultaneously defining an -inductive type or a recursive constant and a notation for it. - -\Rem The notations mentioned on Figure~\ref{init-notations} are -reserved. Hence their precedence and associativity cannot be changed. - -\subsection{Simultaneous definition of terms and notations -\comindex{Fixpoint {\ldots} where {\ldots}} -\comindex{CoFixpoint {\ldots} where {\ldots}} -\comindex{Inductive {\ldots} where {\ldots}}} - -Thanks to reserved notations, the inductive, co-inductive, recursive -and corecursive definitions can benefit of customized notations. To do -this, insert a {\tt where} notation clause after the definition of the -(co)inductive type or (co)recursive term (or after the definition of -each of them in case of mutual definitions). The exact syntax is given -on Figure~\ref{notation-syntax}. Here are examples: - -\begin{coq_eval} -Set Printing Depth 50. -(********** The following is correct but produces an error **********) -(********** because the symbol /\ is already bound **********) -(**** Error: The conclusion of A -> B -> A /\ B is not valid *****) -\end{coq_eval} - -\begin{coq_example*} -Inductive and (A B:Prop) : Prop := conj : A -> B -> A /\ B -where "A /\ B" := (and A B). -\end{coq_example*} - -\begin{coq_eval} -Set Printing Depth 50. -(********** The following is correct but produces an error **********) -(********** because the symbol + is already bound **********) -(**** Error: no recursive definition *****) -\end{coq_eval} - -\begin{coq_example*} -Fixpoint plus (n m:nat) {struct n} : nat := - match n with - | O => m - | S p => S (p+m) - end -where "n + m" := (plus n m). -\end{coq_example*} - -\subsection{Displaying informations about notations -\optindex{Printing Notations}} - -To deactivate the printing of all notations, use the command -\begin{quote} -\tt Unset Printing Notations. -\end{quote} -To reactivate it, use the command -\begin{quote} -\tt Set Printing Notations. -\end{quote} -The default is to use notations for printing terms wherever possible. - -\SeeAlso {\tt Set Printing All} in Section~\ref{SetPrintingAll}. - -\subsection{Locating notations -\comindex{Locate} -\label{LocateSymbol}} - -To know to which notations a given symbol belongs to, use the command -\begin{quote} -\tt Locate {\symbolentry} -\end{quote} -where symbol is any (composite) symbol surrounded by double quotes. To locate -a particular notation, use a string where the variables of the -notation are replaced by ``\_'' and where possible single quotes -inserted around identifiers or tokens starting with a single quote are -dropped. - -\Example -\begin{coq_example} -Locate "exists". -Locate "exists _ .. _ , _". -\end{coq_example} - -\SeeAlso Section \ref{Locate}. - -\begin{figure} -\begin{small} -\begin{centerframe} -\begin{tabular}{lcl} -{\sentence} & ::= & - \zeroone{\tt Local} \texttt{Notation} {\str} \texttt{:=} {\term} - \zeroone{\modifiers} \zeroone{:{\scope}} .\\ - & $|$ & - \zeroone{\tt Local} \texttt{Infix} {\str} \texttt{:=} {\qualid} - \zeroone{\modifiers} \zeroone{:{\scope}} .\\ - & $|$ & - \zeroone{\tt Local} \texttt{Reserved Notation} {\str} - \zeroone{\modifiers} .\\ - & $|$ & {\tt Inductive} - \nelist{{\inductivebody} \zeroone{\declnotation}}{with}{\tt .}\\ - & $|$ & {\tt CoInductive} - \nelist{{\inductivebody} \zeroone{\declnotation}}{with}{\tt .}\\ - & $|$ & {\tt Fixpoint} - \nelist{{\fixpointbody} \zeroone{\declnotation}}{with} {\tt .} \\ - & $|$ & {\tt CoFixpoint} - \nelist{{\cofixpointbody} \zeroone{\declnotation}}{with} {\tt .} \\ -\\ -{\declnotation} & ::= & - \zeroone{{\tt where} \nelist{{\str} {\tt :=} {\term} \zeroone{:{\scope}}}{\tt and}}. -\\ -\\ -{\modifiers} - & ::= & \nelist{\ident}{,} {\tt at level} {\naturalnumber} \\ - & $|$ & \nelist{\ident}{,} {\tt at next level} \\ - & $|$ & {\tt at level} {\naturalnumber} \\ - & $|$ & {\tt left associativity} \\ - & $|$ & {\tt right associativity} \\ - & $|$ & {\tt no associativity} \\ - & $|$ & {\ident} {\tt ident} \\ - & $|$ & {\ident} {\tt binder} \\ - & $|$ & {\ident} {\tt closed binder} \\ - & $|$ & {\ident} {\tt global} \\ - & $|$ & {\ident} {\tt bigint} \\ - & $|$ & {\tt only parsing} \\ - & $|$ & {\tt only printing} \\ - & $|$ & {\tt format} {\str} -\end{tabular} -\end{centerframe} -\end{small} -\caption{Syntax of the variants of {\tt Notation}} -\label{notation-syntax} -\end{figure} - -\subsection{Notations and simple binders} - -Notations can be defined for binders as in the example: - -\begin{coq_eval} -Set Printing Depth 50. -(********** The following is correct but produces **********) -(**** an incompatibility with the reserved notation ********) -\end{coq_eval} -\begin{coq_example*} -Notation "{ x : A | P }" := (sig (fun x : A => P)) (at level 0). -\end{coq_example*} - -The binding variables in the left-hand-side that occur as a parameter -of the notation naturally bind all their occurrences appearing in -their respective scope after instantiation of the parameters of the -notation. - -Contrastingly, the binding variables that are not a parameter of the -notation do not capture the variables of same name that -could appear in their scope after instantiation of the -notation. E.g., for the notation - -\begin{coq_example*} -Notation "'exists_different' n" := (exists p:nat, p<>n) (at level 200). -\end{coq_example*} -the next command fails because {\tt p} does not bind in -the instance of {\tt n}. -\begin{coq_eval} -Set Printing Depth 50. -\end{coq_eval} -% (********** The following produces **********) -% (**** The reference p was not found in the current environment ********) -\begin{coq_example} -Fail Check (exists_different p). -\end{coq_example} - -\Rem Binding variables must not necessarily be parsed using the -{\tt ident} entry. For factorization purposes, they can be said to be -parsed at another level (e.g. {\tt x} in \verb="{ x : A | P }"= must be -parsed at level 99 to be factorized with the notation -\verb="{ A } + { B }"= for which {\tt A} can be any term). -However, even if parsed as a term, this term must at the end be effectively -a single identifier. - -\subsection{Notations with recursive patterns} -\label{RecursiveNotations} - -A mechanism is provided for declaring elementary notations with -recursive patterns. The basic example is: - -\begin{coq_example*} -Notation "[ x ; .. ; y ]" := (cons x .. (cons y nil) ..). -\end{coq_example*} - -On the right-hand side, an extra construction of the form {\tt ..} $t$ -{\tt ..} can be used. Notice that {\tt ..} is part of the {\Coq} -syntax and it must not be confused with the three-dots notation -$\ldots$ used in this manual to denote a sequence of arbitrary size. - -On the left-hand side, the part ``$x$ $s$ {\tt ..} $s$ $y$'' of the -notation parses any number of time (but at least one time) a sequence -of expressions separated by the sequence of tokens $s$ (in the -example, $s$ is just ``{\tt ;}''). - -In the right-hand side, the term enclosed within {\tt ..} must be a -pattern with two holes of the form $\phi([~]_E,[~]_I)$ where the first -hole is occupied either by $x$ or by $y$ and the second hole is -occupied by an arbitrary term $t$ called the {\it terminating} -expression of the recursive notation. The subterm {\tt ..} $\phi(x,t)$ -{\tt ..} (or {\tt ..} $\phi(y,t)$ {\tt ..}) must itself occur at -second position of the same pattern where the first hole is occupied -by the other variable, $y$ or $x$. Otherwise said, the right-hand side -must contain a subterm of the form either $\phi(x,${\tt ..} -$\phi(y,t)$ {\tt ..}$)$ or $\phi(y,${\tt ..} $\phi(x,t)$ {\tt ..}$)$. -The pattern $\phi$ is the {\em iterator} of the recursive notation -and, of course, the name $x$ and $y$ can be chosen arbitrarily. - -The parsing phase produces a list of expressions which are used to -fill in order the first hole of the iterating pattern which is -repeatedly nested as many times as the length of the list, the second -hole being the nesting point. In the innermost occurrence of the -nested iterating pattern, the second hole is finally filled with the -terminating expression. - -In the example above, the iterator $\phi([~]_E,[~]_I)$ is {\tt cons - $[~]_E$ $[~]_I$} and the terminating expression is {\tt nil}. Here are -other examples: -\begin{coq_example*} -Notation "( x , y , .. , z )" := (pair .. (pair x y) .. z) (at level 0). -Notation "[| t * ( x , y , .. , z ) ; ( a , b , .. , c ) * u |]" := - (pair (pair .. (pair (pair t x) (pair t y)) .. (pair t z)) - (pair .. (pair (pair a u) (pair b u)) .. (pair c u))) - (t at level 39). -\end{coq_example*} - -Recursive patterns can occur several times on the right-hand side. -Here is an example: - -\begin{coq_example*} -Notation "[> a , .. , b <]" := - (cons a .. (cons b nil) .., cons b .. (cons a nil) ..). -\end{coq_example*} - -Notations with recursive patterns can be reserved like standard -notations, they can also be declared within interpretation scopes (see -section \ref{scopes}). - -\subsection{Notations with recursive patterns involving binders} - -Recursive notations can also be used with binders. The basic example is: - -\begin{coq_example*} -Notation "'exists' x .. y , p" := (ex (fun x => .. (ex (fun y => p)) ..)) - (at level 200, x binder, y binder, right associativity). -\end{coq_example*} - -The principle is the same as in Section~\ref{RecursiveNotations} -except that in the iterator $\phi([~]_E,[~]_I)$, the first hole is a -placeholder occurring at the position of the binding variable of a {\tt - fun} or a {\tt forall}. - -To specify that the part ``$x$ {\tt ..} $y$'' of the notation -parses a sequence of binders, $x$ and $y$ must be marked as {\tt - binder} in the list of modifiers of the notation. Then, the list of -binders produced at the parsing phase are used to fill in the first -hole of the iterating pattern which is repeatedly nested as many times -as the number of binders generated. If ever the generalization -operator {\tt `} (see Section~\ref{implicit-generalization}) is used -in the binding list, the added binders are taken into account too. - -Binders parsing exist in two flavors. If $x$ and $y$ are marked as -{\tt binder}, then a sequence such as {\tt a b c : T} will be accepted -and interpreted as the sequence of binders {\tt (a:T) (b:T) - (c:T)}. For instance, in the notation above, the syntax {\tt exists - a b : nat, a = b} is provided. - -The variables $x$ and $y$ can also be marked as {\tt closed binder} in -which case only well-bracketed binders of the form {\tt (a b c:T)} or -{\tt \{a b c:T\}} etc. are accepted. - -With closed binders, the recursive sequence in the left-hand side can -be of the general form $x$ $s$ {\tt ..} $s$ $y$ where $s$ is an -arbitrary sequence of tokens. With open binders though, $s$ has to be -empty. Here is an example of recursive notation with closed binders: - -\begin{coq_example*} -Notation "'mylet' f x .. y := t 'in' u":= - (let f := fun x => .. (fun y => t) .. in u) - (at level 200, x closed binder, y closed binder, right associativity). -\end{coq_example*} - -A recursive pattern for binders can be used in position of a recursive -pattern for terms. Here is an example: - -\begin{coq_example*} -Notation "'FUNAPP' x .. y , f" := - (fun x => .. (fun y => (.. (f x) ..) y ) ..) - (at level 200, x binder, y binder, right associativity). -\end{coq_example*} - -\subsection{Summary} - -\paragraph{Syntax of notations} - -The different syntactic variants of the command \texttt{Notation} are -given on Figure~\ref{notation-syntax}. The optional {\tt :{\scope}} is -described in the Section~\ref{scopes}. - -\Rem No typing of the denoted expression is performed at definition -time. Type-checking is done only at the time of use of the notation. - -\Rem Many examples of {\tt Notation} may be found in the files -composing the initial state of {\Coq} (see directory {\tt -\$COQLIB/theories/Init}). - -\Rem The notation \verb="{ x }"= has a special status in such a way -that complex notations of the form \verb="x + { y }"= or -\verb="x * { y }"= can be nested with correct precedences. Especially, -every notation involving a pattern of the form \verb="{ x }"= is -parsed as a notation where the pattern \verb="{ x }"= has been simply -replaced by \verb="x"= and the curly brackets are parsed separately. -E.g. \verb="y + { z }"= is not parsed as a term of the given form but -as a term of the form \verb="y + z"= where \verb=z= has been parsed -using the rule parsing \verb="{ x }"=. Especially, level and -precedences for a rule including patterns of the form \verb="{ x }"= -are relative not to the textual notation but to the notation where the -curly brackets have been removed (e.g. the level and the associativity -given to some notation, say \verb="{ y } & { z }"= in fact applies to -the underlying \verb="{ x }"=-free rule which is \verb="y & z"=). - -\paragraph{Persistence of notations} - -Notations do not survive the end of sections. They survive modules -unless the command {\tt Local Notation} is used instead of {\tt -Notation}. - -\section[Interpretation scopes]{Interpretation scopes\index{Interpretation scopes} -\label{scopes}} -% Introduction - -An {\em interpretation scope} is a set of notations for terms with -their interpretation. Interpretation scopes provide a weak, -purely syntactical form of notation overloading: the same notation, for -instance the infix symbol \verb=+=, can be used to denote distinct -definitions of the additive operator. Depending on which interpretation -scope is currently open, the interpretation is different. -Interpretation scopes can include an interpretation for -numerals and strings. However, this is only made possible at the -{\ocaml} level. - -See Figure \ref{notation-syntax} for the syntax of notations including -the possibility to declare them in a given scope. Here is a typical -example which declares the notation for conjunction in the scope {\tt -type\_scope}. - -\begin{verbatim} -Notation "A /\ B" := (and A B) : type_scope. -\end{verbatim} - -\Rem A notation not defined in a scope is called a {\em lonely} notation. - -\subsection{Global interpretation rules for notations} - -At any time, the interpretation of a notation for term is done within -a {\em stack} of interpretation scopes and lonely notations. In case a -notation has several interpretations, the actual interpretation is the -one defined by (or in) the more recently declared (or open) lonely -notation (or interpretation scope) which defines this notation. -Typically if a given notation is defined in some scope {\scope} but -has also an interpretation not assigned to a scope, then, if {\scope} -is open before the lonely interpretation is declared, then the lonely -interpretation is used (and this is the case even if the -interpretation of the notation in {\scope} is given after the lonely -interpretation: otherwise said, only the order of lonely -interpretations and opening of scopes matters, and not the declaration -of interpretations within a scope). - -The initial state of {\Coq} declares three interpretation scopes and -no lonely notations. These scopes, in opening order, are {\tt -core\_scope}, {\tt type\_scope} and {\tt nat\_scope}. - -The command to add a scope to the interpretation scope stack is -\comindex{Open Scope} -\comindex{Close Scope} -\begin{quote} -{\tt Open Scope} {\scope}. -\end{quote} -It is also possible to remove a scope from the interpretation scope -stack by using the command -\begin{quote} -{\tt Close Scope} {\scope}. -\end{quote} -Notice that this command does not only cancel the last {\tt Open Scope -{\scope}} but all the invocation of it. - -\Rem {\tt Open Scope} and {\tt Close Scope} do not survive the end of -sections where they occur. When defined outside of a section, they are -exported to the modules that import the module where they occur. - -\begin{Variants} - -\item {\tt Local Open Scope} {\scope}. - -\item {\tt Local Close Scope} {\scope}. - -These variants are not exported to the modules that import the module -where they occur, even if outside a section. - -\item {\tt Global Open Scope} {\scope}. - -\item {\tt Global Close Scope} {\scope}. - -These variants survive sections. They behave as if {\tt Global} were -absent when not inside a section. - -\end{Variants} - -\subsection{Local interpretation rules for notations} - -In addition to the global rules of interpretation of notations, some -ways to change the interpretation of subterms are available. - -\subsubsection{Local opening of an interpretation scope -\label{scopechange} -\index{\%} -\comindex{Delimit Scope} -\comindex{Undelimit Scope}} - -It is possible to locally extend the interpretation scope stack using -the syntax ({\term})\%{\delimkey} (or simply {\term}\%{\delimkey} -for atomic terms), where {\delimkey} is a special identifier called -{\em delimiting key} and bound to a given scope. - -In such a situation, the term {\term}, and all its subterms, are -interpreted in the scope stack extended with the scope bound to -{\delimkey}. - -To bind a delimiting key to a scope, use the command - -\begin{quote} -\texttt{Delimit Scope} {\scope} \texttt{with} {\ident} -\end{quote} - -To remove a delimiting key of a scope, use the command - -\begin{quote} -\texttt{Undelimit Scope} {\scope} -\end{quote} - -\subsubsection{Binding arguments of a constant to an interpretation scope -\comindex{Arguments}} - -It is possible to set in advance that some arguments of a given -constant have to be interpreted in a given scope. The command is -\begin{quote} -{\tt Arguments} {\qualid} \nelist{\name {\tt \%}\scope}{} -\end{quote} -where the list is a prefix of the list of the arguments of {\qualid} eventually -annotated with their {\scope}. Grouping round parentheses can be used to -decorate multiple arguments with the same scope. {\scope} can be either a scope -name or its delimiting key. For example the following command puts the first two -arguments of {\tt plus\_fct} in the scope delimited by the key {\tt F} ({\tt - Rfun\_scope}) and the last argument in the scope delimited by the key {\tt R} -({\tt R\_scope}). - -\begin{coq_example*} -Arguments plus_fct (f1 f2)%F x%R. -\end{coq_example*} - -The {\tt Arguments} command accepts scopes decoration to all grouping -parentheses. In the following example arguments {\tt A} and {\tt B} -are marked as maximally inserted implicit arguments and are -put into the {\tt type\_scope} scope. - -\begin{coq_example*} -Arguments respectful {A B}%type (R R')%signature _ _. -\end{coq_example*} - -When interpreting a term, if some of the arguments of {\qualid} are -built from a notation, then this notation is interpreted in the scope -stack extended by the scope bound (if any) to this argument. The -effect of the scope is limited to the argument itself. It does not propagate -to subterms but the subterms that, after interpretation of the -notation, turn to be themselves arguments of a reference are -interpreted accordingly to the arguments scopes bound to this reference. - -Arguments scopes can be cleared with the following command: - -\begin{quote} -{\tt Arguments {\qualid} : clear scopes} -\end{quote} - -\begin{Variants} -\item {\tt Global Arguments} {\qualid} \nelist{\name {\tt \%}\scope}{} - -This behaves like {\tt Arguments} {\qualid} \nelist{\name {\tt \%}\scope}{} -but survives when a section is closed instead -of stopping working at section closing. Without the {\tt Global} modifier, -the effect of the command stops when the section it belongs to ends. - -\item {\tt Local Arguments} {\qualid} \nelist{\name {\tt \%}\scope}{} - -This behaves like {\tt Arguments} {\qualid} \nelist{\name {\tt \%}\scope}{} -but does not survive modules and files. -Without the {\tt Local} modifier, the effect of the command is -visible from within other modules or files. - -\end{Variants} - -\SeeAlso The command to show the scopes bound to the arguments of a -function is described in Section~\ref{About}. - -\subsubsection{Binding types of arguments to an interpretation scope} - -When an interpretation scope is naturally associated to a type -(e.g. the scope of operations on the natural numbers), it may be -convenient to bind it to this type. When a scope {\scope} is bound to -a type {\type}, any new function defined later on gets its arguments -of type {\type} interpreted by default in scope {\scope} (this default -behavior can however be overwritten by explicitly using the command -{\tt Arguments}). - -Whether the argument of a function has some type {\type} is determined -statically. For instance, if {\tt f} is a polymorphic function of type -{\tt forall X:Type, X -> X} and type {\tt t} is bound to a scope -{\scope}, then {\tt a} of type {\tt t} in {\tt f~t~a} is not -recognized as an argument to be interpreted in scope {\scope}. - -\comindex{Bind Scope} -\label{bindscope} -More generally, any coercion {\class} (see Chapter~\ref{Coercions-full}) can be -bound to an interpretation scope. The command to do it is -\begin{quote} -{\tt Bind Scope} {\scope} \texttt{with} {\class} -\end{quote} - -\Example -\begin{coq_example} -Parameter U : Set. -Bind Scope U_scope with U. -Parameter Uplus : U -> U -> U. -Parameter P : forall T:Set, T -> U -> Prop. -Parameter f : forall T:Set, T -> U. -Infix "+" := Uplus : U_scope. -Unset Printing Notations. -Open Scope nat_scope. (* Define + on the nat as the default for + *) -Check (fun x y1 y2 z t => P _ (x + t) ((f _ (y1 + y2) + z))). -\end{coq_example} - -\Rem The scopes {\tt type\_scope} and {\tt function\_scope} also have a local effect on -interpretation. See the next section. - -\SeeAlso The command to show the scopes bound to the arguments of a -function is described in Section~\ref{About}. - -\Rem In notations, the subterms matching the identifiers of the -notations are interpreted in the scope in which the identifiers -occurred at the time of the declaration of the notation. Here is an -example: - -\begin{coq_example} -Parameter g : bool -> bool. -Notation "@@" := true (only parsing) : bool_scope. -Notation "@@" := false (only parsing): mybool_scope. - -(* Defining a notation while the argument of g is bound to bool_scope *) -Bind Scope bool_scope with bool. -Notation "# x #" := (g x) (at level 40). -Check # @@ #. -(* Rebinding the argument of g to mybool_scope has no effect on the notation *) -Arguments g _%mybool_scope. -Check # @@ #. -(* But we can force the scope *) -Delimit Scope mybool_scope with mybool. -Check # @@%mybool #. -\end{coq_example} - -\subsection[The {\tt type\_scope} interpretation scope]{The {\tt type\_scope} interpretation scope\index{type\_scope@\texttt{type\_scope}}} - -The scope {\tt type\_scope} has a special status. It is a primitive -interpretation scope which is temporarily activated each time a -subterm of an expression is expected to be a type. It is delimited by -the key {\tt type}, and bound to the coercion class {\tt Sortclass}. It is also -used in certain situations where an expression is statically known to -be a type, including the conclusion and the type of hypotheses within -an {\tt Ltac} goal match (see Section~\ref{ltac-match-goal}) -the statement of a theorem, the type of -a definition, the type of a binder, the domain and codomain of -implication, the codomain of products, and more generally any type -argument of a declared or defined constant. - -\subsection[The {\tt function\_scope} interpretation scope]{The {\tt function\_scope} interpretation scope\index{function\_scope@\texttt{function\_scope}}} - -The scope {\tt function\_scope} also has a special status. -It is temporarily activated each time the argument of a global reference is -recognized to be a {\tt Funclass instance}, i.e., of type {\tt forall x:A, B} or {\tt A -> B}. - -\subsection{Interpretation scopes used in the standard library of {\Coq}} - -We give an overview of the scopes used in the standard library of -{\Coq}. For a complete list of notations in each scope, use the -commands {\tt Print Scopes} or {\tt Print Scope {\scope}}. - -\subsubsection{\tt type\_scope} - -This scope includes infix {\tt *} for product types and infix {\tt +} for -sum types. It is delimited by key {\tt type}, and bound to the coercion class -{\tt Sortclass}, as described at \ref{bindscope}. - -\subsubsection{\tt nat\_scope} - -This scope includes the standard arithmetical operators and relations on -type {\tt nat}. Positive numerals in this scope are mapped to their -canonical representent built from {\tt O} and {\tt S}. The scope is -delimited by key {\tt nat}, and bound to the type {\tt nat} (see \ref{bindscope}). - -\subsubsection{\tt N\_scope} - -This scope includes the standard arithmetical operators and relations on -type {\tt N} (binary natural numbers). It is delimited by key {\tt N} -and comes with an interpretation for numerals as closed term of type {\tt N}. - -\subsubsection{\tt Z\_scope} - -This scope includes the standard arithmetical operators and relations on -type {\tt Z} (binary integer numbers). It is delimited by key {\tt Z} -and comes with an interpretation for numerals as closed term of type {\tt Z}. - -\subsubsection{\tt positive\_scope} - -This scope includes the standard arithmetical operators and relations on -type {\tt positive} (binary strictly positive numbers). It is -delimited by key {\tt positive} and comes with an interpretation for -numerals as closed term of type {\tt positive}. - -\subsubsection{\tt Q\_scope} - -This scope includes the standard arithmetical operators and relations on -type {\tt Q} (rational numbers defined as fractions of an integer and -a strictly positive integer modulo the equality of the -numerator-denominator cross-product). As for numerals, only $0$ and -$1$ have an interpretation in scope {\tt Q\_scope} (their -interpretations are $\frac{0}{1}$ and $\frac{1}{1}$ respectively). - -\subsubsection{\tt Qc\_scope} - -This scope includes the standard arithmetical operators and relations on the -type {\tt Qc} of rational numbers defined as the type of irreducible -fractions of an integer and a strictly positive integer. - -\subsubsection{\tt real\_scope} - -This scope includes the standard arithmetical operators and relations on -type {\tt R} (axiomatic real numbers). It is delimited by key {\tt R} -and comes with an interpretation for numerals using the {\tt IZR} -morphism from binary integer numbers to {\tt R}. - -\subsubsection{\tt bool\_scope} - -This scope includes notations for the boolean operators. It is -delimited by key {\tt bool}, and bound to the type {\tt bool} (see \ref{bindscope}). - -\subsubsection{\tt list\_scope} - -This scope includes notations for the list operators. It is -delimited by key {\tt list}, and bound to the type {\tt list} (see \ref{bindscope}). - -\subsubsection{\tt function\_scope} - -This scope is delimited by the key {\tt function}, and bound to the coercion class {\tt Funclass}, -as described at \ref{bindscope}. - -\subsubsection{\tt core\_scope} - -This scope includes the notation for pairs. It is delimited by key {\tt core}. - -\subsubsection{\tt string\_scope} - -This scope includes notation for strings as elements of the type {\tt -string}. Special characters and escaping follow {\Coq} conventions -on strings (see Section~\ref{strings}). Especially, there is no -convention to visualize non printable characters of a string. The -file {\tt String.v} shows an example that contains quotes, a newline -and a beep (i.e. the ASCII character of code 7). - -\subsubsection{\tt char\_scope} - -This scope includes interpretation for all strings of the form -\verb!"!$c$\verb!"! where $c$ is an ASCII character, or of the form -\verb!"!$nnn$\verb!"! where $nnn$ is a three-digits number (possibly -with leading 0's), or of the form \verb!""""!. Their respective -denotations are the ASCII code of $c$, the decimal ASCII code $nnn$, -or the ASCII code of the character \verb!"! (i.e. the ASCII code -34), all of them being represented in the type {\tt ascii}. - -\subsection{Displaying informations about scopes} - -\subsubsection{\tt Print Visibility\comindex{Print Visibility}} - -This displays the current stack of notations in scopes and lonely -notations that is used to interpret a notation. The top of the stack -is displayed last. Notations in scopes whose interpretation is hidden -by the same notation in a more recently open scope are not -displayed. Hence each notation is displayed only once. - -\variant - -{\tt Print Visibility {\scope}}\\ - -This displays the current stack of notations in scopes and lonely -notations assuming that {\scope} is pushed on top of the stack. This -is useful to know how a subterm locally occurring in the scope of -{\scope} is interpreted. - -\subsubsection{\tt Print Scope {\scope}\comindex{Print Scope}} - -This displays all the notations defined in interpretation scope -{\scope}. It also displays the delimiting key if any and the class to -which the scope is bound, if any. - -\subsubsection{\tt Print Scopes\comindex{Print Scopes}} - -This displays all the notations, delimiting keys and corresponding -class of all the existing interpretation scopes. -It also displays the lonely notations. - -\section[Abbreviations]{Abbreviations\index{Abbreviations} -\label{Abbreviations} -\comindex{Notation}} - -An {\em abbreviation} is a name, possibly applied to arguments, that -denotes a (presumably) more complex expression. Here are examples: - -\begin{coq_eval} -Require Import List. -Require Import Relations. -Set Printing Notations. -\end{coq_eval} -\begin{coq_example} -Notation Nlist := (list nat). -Check 1 :: 2 :: 3 :: nil. -Notation reflexive R := (forall x, R x x). -Check forall A:Prop, A <-> A. -Check reflexive iff. -\end{coq_example} - -An abbreviation expects no precedence nor associativity, since it -follows the usual syntax of application. Abbreviations are used as -much as possible by the {\Coq} printers unless the modifier -\verb=(only parsing)= is given. - -Abbreviations are bound to an absolute name as an ordinary -definition is, and they can be referred by qualified names too. - -Abbreviations are syntactic in the sense that they are bound to -expressions which are not typed at the time of the definition of the -abbreviation but at the time it is used. Especially, abbreviations can -be bound to terms with holes (i.e. with ``\_''). The general syntax -for abbreviations is -\begin{quote} -\zeroone{{\tt Local}} \texttt{Notation} {\ident} \sequence{\ident} {\ident} \texttt{:=} {\term} - \zeroone{{\tt (only parsing)}}~\verb=.= -\end{quote} - -\Example -\begin{coq_eval} -Set Strict Implicit. -Reset Initial. -\end{coq_eval} -\begin{coq_example} -Definition explicit_id (A:Set) (a:A) := a. -Notation id := (explicit_id _). -Check (id 0). -\end{coq_example} - -Abbreviations do not survive the end of sections. No typing of the denoted -expression is performed at definition time. Type-checking is done only -at the time of use of the abbreviation. - -%\Rem \index{Syntactic Definition} % -%Abbreviations are similar to the {\em syntactic -%definitions} available in versions of {\Coq} prior to version 8.0, -%except that abbreviations are used for printing (unless the modifier -%\verb=(only parsing)= is given) while syntactic definitions were not. - -\section{Tactic Notations -\comindex{Tactic Notation}} - -Tactic notations allow to customize the syntax of the tactics of the -tactic language\footnote{Tactic notations are just a simplification of -the {\tt Grammar tactic simple\_tactic} command that existed in -versions prior to version 8.0.}. Tactic notations obey the following -syntax -\medskip - -\noindent -\begin{tabular}{lcl} -{\sentence} & ::= & \zeroone{\tt Local} \texttt{Tactic Notation} \zeroone{\taclevel} \sequence{\proditem}{} \\ -& & \texttt{:= {\tac} .}\\ -{\proditem} & ::= & {\str} $|$ {\tacargtype}{\tt ({\ident})} \\ -{\taclevel} & ::= & {\tt (at level} {\naturalnumber}{\tt )} \\ -{\tacargtype}\!\! & ::= & -%{\tt preident} $|$ -{\tt ident} $|$ -{\tt simple\_intropattern} $|$ -{\tt reference} \\ & $|$ & -{\tt hyp} $|$ -{\tt hyp\_list} $|$ -{\tt ne\_hyp\_list} \\ & $|$ & -% {\tt quantified\_hypothesis} \\ & $|$ & -{\tt constr} $|$ {\tt uconstr} $|$ -{\tt constr\_list} $|$ -{\tt ne\_constr\_list} \\ & $|$ & -%{\tt castedopenconstr} $|$ -{\tt integer} $|$ -{\tt integer\_list} $|$ -{\tt ne\_integer\_list} \\ & $|$ & -{\tt int\_or\_var} $|$ -{\tt int\_or\_var\_list} $|$ -{\tt ne\_int\_or\_var\_list} \\ & $|$ & -{\tt tactic} $|$ {\tt tactic$n$} \qquad\mbox{(for $0\leq n\leq 5$)} - -\end{tabular} -\medskip - -A tactic notation {\tt Tactic Notation {\taclevel} -{\sequence{\proditem}{}} := {\tac}} extends the parser and -pretty-printer of tactics with a new rule made of the list of -production items. It then evaluates into the tactic expression -{\tac}. For simple tactics, it is recommended to use a terminal -symbol, i.e. a {\str}, for the first production item. The tactic -level indicates the parsing precedence of the tactic notation. This -information is particularly relevant for notations of tacticals. -Levels 0 to 5 are available (default is 0). -To know the parsing precedences of the -existing tacticals, use the command {\tt Print Grammar tactic.} - -Each type of tactic argument has a specific semantic regarding how it -is parsed and how it is interpreted. The semantic is described in the -following table. The last command gives examples of tactics which -use the corresponding kind of argument. - -\medskip -\noindent -\begin{tabular}{l|l|l|l} -Tactic argument type & parsed as & interpreted as & as in tactic \\ -\hline & & & \\ -{\tt\small ident} & identifier & a user-given name & {\tt intro} \\ -{\tt\small simple\_intropattern} & intro\_pattern & an intro\_pattern & {\tt intros}\\ -{\tt\small hyp} & identifier & an hypothesis defined in context & {\tt clear}\\ -%% quantified_hypothesis actually not supported -%%{\tt\small quantified\_hypothesis} & identifier or integer & a named or non dep. hyp. of the goal & {\tt intros until}\\ -{\tt\small reference} & qualified identifier & a global reference of term & {\tt unfold}\\ -{\tt\small constr} & term & a term & {\tt exact} \\ -{\tt\small uconstr} & term & an untyped term & {\tt refine} \\ -%% castedopenconstr actually not supported -%%{\tt\small castedopenconstr} & term & a term with its sign. of exist. var. & {\tt refine}\\ -{\tt\small integer} & integer & an integer & \\ -{\tt\small int\_or\_var} & identifier or integer & an integer & {\tt do} \\ -{\tt\small tactic} & tactic at level 5 & a tactic & \\ -{\tt\small tactic$n$} & tactic at level $n$ & a tactic & \\ -{\tt\small {\nterm{entry}}\_list} & list of {\nterm{entry}} & a list of how {\nterm{entry}} is interpreted & \\ -{\tt\small ne\_{\nterm{entry}}\_list} & non-empty list of {\nterm{entry}} & a list of how {\nterm{entry}} is interpreted& \\ -\end{tabular} - -\Rem In order to be bound in tactic definitions, each syntactic entry -for argument type must include the case of simple {\ltac} identifier -as part of what it parses. This is naturally the case for {\tt ident}, -{\tt simple\_intropattern}, {\tt reference}, {\tt constr}, ... but not -for {\tt integer}. This is the reason for introducing a special entry -{\tt int\_or\_var} which evaluates to integers only but which -syntactically includes identifiers in order to be usable in tactic -definitions. - -\Rem The {\tt {\nterm{entry}}\_list} and {\tt ne\_{\nterm{entry}}\_list} -entries can be used in primitive tactics or in other notations at -places where a list of the underlying entry can be used: {\nterm{entry}} is -either {\tt\small constr}, {\tt\small hyp}, {\tt\small integer} or -{\tt\small int\_or\_var}. - -Tactic notations do not survive the end of sections. They survive -modules unless the command {\tt Local Tactic Notation} is used instead -of {\tt Tactic Notation}. - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/RefMan-tac.tex b/doc/refman/RefMan-tac.tex deleted file mode 100644 index 66a5f107a5..0000000000 --- a/doc/refman/RefMan-tac.tex +++ /dev/null @@ -1,5420 +0,0 @@ -% TODO: unify the use of \form and \type to mean a type -% or use \form specifically for a type of type Prop -\chapter{Tactics -\index{Tactics} -\label{Tactics}} -%HEVEA\cutname{tactics.html} - -A deduction rule is a link between some (unique) formula, that we call -the {\em conclusion} and (several) formulas that we call the {\em -premises}. A deduction rule can be read in two ways. The first -one says: {\it ``if I know this and this then I can deduce -this''}. For instance, if I have a proof of $A$ and a proof of $B$ -then I have a proof of $A \land B$. This is forward reasoning from -premises to conclusion. The other way says: {\it ``to prove this I -have to prove this and this''}. For instance, to prove $A \land B$, I -have to prove $A$ and I have to prove $B$. This is backward reasoning -from conclusion to premises. We say that the conclusion -is the {\em goal}\index{goal} to prove and premises are the {\em -subgoals}\index{subgoal}. The tactics implement {\em backward -reasoning}. When applied to a goal, a tactic replaces this goal with -the subgoals it generates. We say that a tactic reduces a goal to its -subgoal(s). - -Each (sub)goal is denoted with a number. The current goal is numbered -1. By default, a tactic is applied to the current goal, but one can -address a particular goal in the list by writing {\sl n:\tac} which -means {\it ``apply tactic {\tac} to goal number {\sl n}''}. -We can show the list of subgoals by typing {\tt Show} (see -Section~\ref{Show}). - -Since not every rule applies to a given statement, every tactic cannot be -used to reduce any goal. In other words, before applying a tactic to a -given goal, the system checks that some {\em preconditions} are -satisfied. If it is not the case, the tactic raises an error message. - -Tactics are built from atomic tactics and tactic expressions (which -extends the folklore notion of tactical) to combine those atomic -tactics. This chapter is devoted to atomic tactics. The tactic -language will be described in Chapter~\ref{TacticLanguage}. - -\section{Invocation of tactics -\label{tactic-syntax} -\index{tactic@{\tac}}} - -A tactic is applied as an ordinary command. It may be preceded by a -goal selector (see Section \ref{ltac:selector}). -If no selector is specified, the default -selector (see Section \ref{default-selector}) is used. - -\newcommand{\toplevelselector}{\nterm{toplevel\_selector}} -\begin{tabular}{lcl} -{\commandtac} & ::= & {\toplevelselector} {\tt :} {\tac} {\tt .}\\ - & $|$ & {\tac} {\tt .} -\end{tabular} -\subsection[\tt Set Default Goal Selector ``\toplevelselector''.] - {\tt Set Default Goal Selector ``\toplevelselector''. - \optindex{Default Goal Selector} - \label{default-selector}} -After using this command, the default selector -- used when no selector -is specified when applying a tactic -- is set to the chosen value. The -initial value is $1$, hence the tactics are, by default, applied to -the first goal. Using {\tt Set Default Goal Selector ``all''} will -make is so that tactics are, by default, applied to every goal -simultaneously. Then, to apply a tactic {\tt tac} to the first goal -only, you can write {\tt 1:tac}. Although more selectors are available, -only {\tt ``all''} or a single natural number are valid default -goal selectors. - -\subsection[\tt Test Default Goal Selector.] - {\tt Test Default Goal Selector.} -This command displays the current default selector. - -\subsection{Bindings list -\index{Binding list} -\label{Binding-list}} - -Tactics that take a term as argument may also support a bindings list, so -as to instantiate some parameters of the term by name or position. -The general form of a term equipped with a bindings list is {\tt -{\term} with {\bindinglist}} where {\bindinglist} may be of two -different forms: - -\begin{itemize} -\item In a bindings list of the form {\tt (\vref$_1$ := \term$_1$) - \dots\ (\vref$_n$ := \term$_n$)}, {\vref} is either an {\ident} or a - {\num}. The references are determined according to the type of - {\term}. If \vref$_i$ is an identifier, this identifier has to be - bound in the type of {\term} and the binding provides the tactic - with an instance for the parameter of this name. If \vref$_i$ is - some number $n$, this number denotes the $n$-th non dependent - premise of the {\term}, as determined by the type of {\term}. - - \ErrMsg \errindex{No such binder} - -\item A bindings list can also be a simple list of terms {\tt - \term$_1$ \dots\ \term$_n$}. In that case the references to - which these terms correspond are determined by the tactic. In case - of {\tt induction}, {\tt destruct}, {\tt elim} and {\tt case} (see - Section~\ref{elim}) the terms have to provide instances for all the - dependent products in the type of \term\ while in the case of {\tt - apply}, or of {\tt constructor} and its variants, only instances for - the dependent products that are not bound in the conclusion of the - type are required. - - \ErrMsg \errindex{Not the right number of missing arguments} -\end{itemize} - -\subsection{Occurrences sets and occurrences clauses} -\label{Occurrences_clauses} -\index{Occurrences clauses} - -An occurrences clause is a modifier to some tactics that obeys the -following syntax: - -\begin{tabular}{lcl} -{\occclause} & ::= & {\tt in} {\occgoalset} \\ -{\occgoalset} & ::= & - \zeroonelax{{\ident$_1$} \zeroone{\atoccurrences} {\tt ,} \\ -& & {\dots} {\tt ,}\\ -& & {\ident$_m$} \zeroone{\atoccurrences}}\\ -& & \zeroone{{\tt |-} \zeroone{{\tt *} \zeroone{\atoccurrences}}}\\ -& | & - {\tt *} {\tt |-} \zeroone{{\tt *} \zeroone{\atoccurrences}}\\ -& | & - {\tt *}\\ -{\atoccurrences} & ::= & {\tt at} {\occlist}\\ -{\occlist} & ::= & \zeroone{{\tt -}} {\num$_1$} \dots\ {\num$_n$} -\end{tabular} - -The role of an occurrence clause is to select a set of occurrences of -a {\term} in a goal. In the first case, the {{\ident$_i$} -\zeroone{{\tt at} {\num$_1^i$} \dots\ {\num$_{n_i}^i$}}} parts -indicate that occurrences have to be selected in the hypotheses named -{\ident$_i$}. If no numbers are given for hypothesis {\ident$_i$}, -then all the occurrences of {\term} in the hypothesis are selected. If -numbers are given, they refer to occurrences of {\term} when the term -is printed using option {\tt Set Printing All} (see -Section~\ref{SetPrintingAll}), counting from left to right. In -particular, occurrences of {\term} in implicit arguments (see -Section~\ref{Implicit Arguments}) or coercions (see -Section~\ref{Coercions}) are counted. - -If a minus sign is given between {\tt at} and the list of occurrences, -it negates the condition so that the clause denotes all the occurrences except -the ones explicitly mentioned after the minus sign. - -As an exception to the left-to-right order, the occurrences in the -{\tt return} subexpression of a {\tt match} are considered {\em -before} the occurrences in the matched term. - -In the second case, the {\tt *} on the left of {\tt |-} means that -all occurrences of {\term} are selected in every hypothesis. - -In the first and second case, if {\tt *} is mentioned on the right of -{\tt |-}, the occurrences of the conclusion of the goal have to be -selected. If some numbers are given, then only the occurrences denoted -by these numbers are selected. In no numbers are given, all -occurrences of {\term} in the goal are selected. - -Finally, the last notation is an abbreviation for {\tt * |- *}. Note -also that {\tt |-} is optional in the first case when no {\tt *} is -given. - -Here are some tactics that understand occurrences clauses: -{\tt set}, {\tt remember}, {\tt induction}, {\tt destruct}. - -\SeeAlso~Sections~\ref{tactic:set}, \ref{Tac-induction}, \ref{SetPrintingAll}. - -\section{Applying theorems} - -\subsection{\tt exact \term} -\tacindex{exact} -\label{exact} - -This tactic applies to any goal. It gives directly the exact proof -term of the goal. Let {\T} be our goal, let {\tt p} be a term of type -{\tt U} then {\tt exact p} succeeds iff {\tt T} and {\tt U} are -convertible (see Section~\ref{conv-rules}). - -\begin{ErrMsgs} -\item \errindex{Not an exact proof} -\end{ErrMsgs} - -\begin{Variants} - \item \texttt{eexact \term}\tacindex{eexact} - - This tactic behaves like \texttt{exact} but is able to handle terms - and goals with meta-variables. - -\end{Variants} - -\subsection{\tt assumption} -\tacindex{assumption} - -This tactic looks in the local context for an -hypothesis which type is equal to the goal. If it is the case, the -subgoal is proved. Otherwise, it fails. - -\begin{ErrMsgs} -\item \errindex{No such assumption} -\end{ErrMsgs} - -\begin{Variants} -\tacindex{eassumption} - \item \texttt{eassumption} - - This tactic behaves like \texttt{assumption} but is able to handle - goals with meta-variables. - -\end{Variants} - -\subsection{\tt refine \term} -\tacindex{refine} -\label{refine} -\label{refine-example} -\index{?@{\texttt{?}}} - -This tactic applies to any goal. It behaves like {\tt exact} with a big -difference: the user can leave some holes (denoted by \texttt{\_} or -{\tt (\_:\type)}) in the term. {\tt refine} will generate as -many subgoals as there are holes in the term. The type of holes must be -either synthesized by the system or declared by an -explicit cast like \verb|(_:nat->Prop)|. Any subgoal that occurs in other -subgoals is automatically shelved, as if calling {\tt shelve\_unifiable} -(see Section~\ref{shelve}). -This low-level tactic can be useful to advanced users. - -\Example - -\begin{coq_example*} -Inductive Option : Set := - | Fail : Option - | Ok : bool -> Option. -\end{coq_example} -\begin{coq_example} -Definition get : forall x:Option, x <> Fail -> bool. -refine - (fun x:Option => - match x return x <> Fail -> bool with - | Fail => _ - | Ok b => fun _ => b - end). -intros; absurd (Fail = Fail); trivial. -\end{coq_example} -\begin{coq_example*} -Defined. -\end{coq_example*} - -\begin{ErrMsgs} -\item \errindex{invalid argument}: - the tactic \texttt{refine} does not know what to do - with the term you gave. -\item \texttt{Refine passed ill-formed term}: the term you gave is not - a valid proof (not easy to debug in general). - This message may also occur in higher-level tactics that call - \texttt{refine} internally. -\item \errindex{Cannot infer a term for this placeholder}: - there is a hole in the term you gave - which type cannot be inferred. Put a cast around it. -\end{ErrMsgs} - -\begin{Variants} -\item {\tt simple refine \term}\tacindex{simple refine} - - This tactic behaves like {\tt refine}, but it does not shelve any - subgoal. It does not perform any beta-reduction either. -\item {\tt notypeclasses refine \term}\tacindex{notypeclasses refine} - - This tactic behaves like {\tt refine} except it performs typechecking - without resolution of typeclasses. - -\item {\tt simple notypeclasses refine \term}\tacindex{simple - notypeclasses refine} - - This tactic behaves like {\tt simple refine} except it performs typechecking - without resolution of typeclasses. -\end{Variants} - -\subsection{\tt apply \term} -\tacindex{apply} -\label{apply} -\label{eapply} - -This tactic applies to any goal. The argument {\term} is a term -well-formed in the local context. The tactic {\tt apply} tries to -match the current goal against the conclusion of the type of {\term}. -If it succeeds, then the tactic returns as many subgoals as the number -of non-dependent premises of the type of {\term}. If the conclusion of -the type of {\term} does not match the goal {\em and} the conclusion -is an inductive type isomorphic to a tuple type, then each component -of the tuple is recursively matched to the goal in the left-to-right -order. - -The tactic {\tt apply} relies on first-order unification with -dependent types unless the conclusion of the type of {\term} is of the -form {\tt ($P$ $t_1$ \dots\ $t_n$)} with $P$ to be instantiated. In -the latter case, the behavior depends on the form of the goal. If the -goal is of the form {\tt (fun $x$ => $Q$)~$u_1$~\ldots~$u_n$} and the -$t_i$ and $u_i$ unifies, then $P$ is taken to be {\tt (fun $x$ => $Q$)}. -Otherwise, {\tt apply} tries to define $P$ by abstracting over -$t_1$~\ldots ~$t_n$ in the goal. See {\tt pattern} in -Section~\ref{pattern} to transform the goal so that it gets the form -{\tt (fun $x$ => $Q$)~$u_1$~\ldots~$u_n$}. - -\begin{ErrMsgs} -\item \errindex{Unable to unify \dots\ with \dots} - - The {\tt apply} - tactic failed to match the conclusion of {\term} and the current goal. - You can help the {\tt apply} tactic by transforming your - goal with the {\tt change} or {\tt pattern} tactics (see - sections~\ref{pattern},~\ref{change}). - -\item \errindex{Unable to find an instance for the variables -{\ident} \dots\ {\ident}} - - This occurs when some instantiations of the premises of {\term} are not - deducible from the unification. This is the case, for instance, when - you want to apply a transitivity property. In this case, you have to - use one of the variants below: - -\end{ErrMsgs} - -\begin{Variants} - -\item{\tt apply {\term} with {\term$_1$} \dots\ {\term$_n$}} - \tacindex{apply \dots\ with} - - Provides {\tt apply} with explicit instantiations for all dependent - premises of the type of {\term} that do not occur in the conclusion - and consequently cannot be found by unification. Notice that - {\term$_1$} \mbox{\dots} {\term$_n$} must be given according to the order - of these dependent premises of the type of {\term}. - - \ErrMsg \errindex{Not the right number of missing arguments} - -\item{\tt apply {\term} with ({\vref$_1$} := {\term$_1$}) \dots\ ({\vref$_n$} - := {\term$_n$})} - - This also provides {\tt apply} with values for instantiating - premises. Here, variables are referred by names and non-dependent - products by increasing numbers (see syntax in Section~\ref{Binding-list}). - -\item {\tt apply \term$_1$ , \mbox{\dots} , \term$_n$} - - This is a shortcut for {\tt apply} {\term$_1$} {\tt ; [ ..~|} - \ldots~{\tt ; [ ..~| {\tt apply} {\term$_n$} ]} \ldots~{\tt ]}, i.e. for the - successive applications of {\term$_{i+1}$} on the last subgoal - generated by {\tt apply} {\term$_i$}, starting from the application - of {\term$_1$}. - -\item {\tt eapply \term}\tacindex{eapply} - - The tactic {\tt eapply} behaves like {\tt apply} but it does not fail - when no instantiations are deducible for some variables in the - premises. Rather, it turns these variables into - existential variables which are variables still to instantiate (see - Section~\ref{evars}). The instantiation is intended to be found - later in the proof. - -\item {\tt simple apply {\term}} \tacindex{simple apply} - - This behaves like {\tt apply} but it reasons modulo conversion only - on subterms that contain no variables to instantiate. For instance, - the following example does not succeed because it would require the - conversion of {\tt id ?foo} and {\tt O}. - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example*} -Definition id (x : nat) := x. -Hypothesis H : forall y, id y = y. -Goal O = O. -\end{coq_example*} -\begin{coq_example} -Fail simple apply H. -\end{coq_example} - - Because it reasons modulo a limited amount of conversion, {\tt - simple apply} fails quicker than {\tt apply} and it is then - well-suited for uses in used-defined tactics that backtrack often. - Moreover, it does not traverse tuples as {\tt apply} does. - -\item \zeroone{{\tt simple}} {\tt apply} {\term$_1$} \zeroone{{\tt with} - {\bindinglist$_1$}} {\tt ,} \ldots {\tt ,} {\term$_n$} \zeroone{{\tt with} - {\bindinglist$_n$}}\\ - \zeroone{{\tt simple}} {\tt eapply} {\term$_1$} \zeroone{{\tt with} - {\bindinglist$_1$}} {\tt ,} \ldots {\tt ,} {\term$_n$} \zeroone{{\tt with} - {\bindinglist$_n$}} - - This summarizes the different syntaxes for {\tt apply} and {\tt eapply}. - -\item {\tt lapply {\term}} \tacindex{lapply} - - This tactic applies to any goal, say {\tt G}. The argument {\term} - has to be well-formed in the current context, its type being - reducible to a non-dependent product {\tt A -> B} with {\tt B} - possibly containing products. Then it generates two subgoals {\tt - B->G} and {\tt A}. Applying {\tt lapply H} (where {\tt H} has type - {\tt A->B} and {\tt B} does not start with a product) does the same - as giving the sequence {\tt cut B. 2:apply H.} where {\tt cut} is - described below. - - \Warning When {\term} contains more than one non - dependent product the tactic {\tt lapply} only takes into account the - first product. - -\end{Variants} - -\Example -Assume we have a transitive relation {\tt R} on {\tt nat}: -\label{eapply-example} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example*} -Variable R : nat -> nat -> Prop. -Hypothesis Rtrans : forall x y z:nat, R x y -> R y z -> R x z. -Variables n m p : nat. -Hypothesis Rnm : R n m. -Hypothesis Rmp : R m p. -\end{coq_example*} - -Consider the goal {\tt (R n p)} provable using the transitivity of -{\tt R}: - -\begin{coq_example*} -Goal R n p. -\end{coq_example*} - -The direct application of {\tt Rtrans} with {\tt apply} fails because -no value for {\tt y} in {\tt Rtrans} is found by {\tt apply}: - -%\begin{coq_eval} -%Set Printing Depth 50. -%(********** The following is not correct and should produce **********) -%(**** Error: generated subgoal (R n ?17) has metavariables in it *****) -%\end{coq_eval} -\begin{coq_example} -Fail apply Rtrans. -\end{coq_example} - -A solution is to apply {\tt (Rtrans n m p)} or {\tt (Rtrans n m)}. - -\begin{coq_example} -apply (Rtrans n m p). -\end{coq_example} - -\begin{coq_eval} -Undo. -\end{coq_eval} - -Note that {\tt n} can be inferred from the goal, so the following would -work too. - -\begin{coq_example*} -apply (Rtrans _ m). -\end{coq_example*} -\begin{coq_eval} -Undo. -\end{coq_eval} - -More elegantly, {\tt apply Rtrans with (y:=m)} allows only mentioning -the unknown {\tt m}: - -\begin{coq_example*} -apply Rtrans with (y := m). -\end{coq_example*} -\begin{coq_eval} -Undo. -\end{coq_eval} - -Another solution is to mention the proof of {\tt (R x y)} in {\tt -Rtrans} \ldots - -\begin{coq_example} -apply Rtrans with (1 := Rnm). -\end{coq_example} -\begin{coq_eval} -Undo. -\end{coq_eval} - -\ldots or the proof of {\tt (R y z)}. - -\begin{coq_example} -apply Rtrans with (2 := Rmp). -\end{coq_example} -\begin{coq_eval} -Undo. -\end{coq_eval} - -On the opposite, one can use {\tt eapply} which postpones the problem -of finding {\tt m}. Then one can apply the hypotheses {\tt Rnm} and {\tt -Rmp}. This instantiates the existential variable and completes the proof. - -\begin{coq_example} -eapply Rtrans. -apply Rnm. -apply Rmp. -\end{coq_example} - -\begin{coq_eval} -Reset R. -\end{coq_eval} - -\noindent {\bf Remark: } When the conclusion of the type of the term -to apply is an inductive type isomorphic to a tuple type and {\em apply} -looks recursively whether a component of the tuple matches the goal, -it excludes components whose statement would result in applying an -universal lemma of the form {\tt forall A, ... -> A}. Excluding this -kind of lemma can be avoided by setting the following option: - -\begin{quote} -\optindex{Universal Lemma Under Conjunction} -{\tt Set Universal Lemma Under Conjunction} -\end{quote} - -This option, which preserves compatibility with versions of {\Coq} -prior to 8.4 is also available for {\tt apply {\term} in {\ident}} -(see Section~\ref{apply-in}). - -\subsection{\tt apply {\term} in {\ident}} -\label{apply-in} -\tacindex{apply \dots\ in} - -This tactic applies to any goal. The argument {\term} is a term -well-formed in the local context and the argument {\ident} is an -hypothesis of the context. The tactic {\tt apply {\term} in {\ident}} -tries to match the conclusion of the type of {\ident} against a -non-dependent premise of the type of {\term}, trying them from right to -left. If it succeeds, the statement of hypothesis {\ident} is -replaced by the conclusion of the type of {\term}. The tactic also -returns as many subgoals as the number of other non-dependent premises -in the type of {\term} and of the non-dependent premises of the type -of {\ident}. If the conclusion of the type of {\term} does not match -the goal {\em and} the conclusion is an inductive type isomorphic to a -tuple type, then the tuple is (recursively) decomposed and the first -component of the tuple of which a non-dependent premise matches the -conclusion of the type of {\ident}. Tuples are decomposed in a -width-first left-to-right order (for instance if the type of {\tt H1} -is a \verb=A <-> B= statement, and the type of {\tt H2} is \verb=A= -then {\tt apply H1 in H2} transforms the type of {\tt H2} into {\tt - B}). The tactic {\tt apply} relies on first-order pattern-matching -with dependent types. - -\begin{ErrMsgs} -\item \errindex{Statement without assumptions} - -This happens if the type of {\term} has no non dependent premise. - -\item \errindex{Unable to apply} - -This happens if the conclusion of {\ident} does not match any of the -non dependent premises of the type of {\term}. -\end{ErrMsgs} - -\begin{Variants} -\item {\tt apply \nelist{\term}{,} in {\ident}} - -This applies each of {\term} in sequence in {\ident}. - -\item {\tt apply \nelist{{\term} with {\bindinglist}}{,} in {\ident}} - -This does the same but uses the bindings in each {\bindinglist} to -instantiate the parameters of the corresponding type of {\term} -(see syntax of bindings in Section~\ref{Binding-list}). - -\item {\tt eapply \nelist{{\term} with {\bindinglist}}{,} in {\ident}} -\tacindex{eapply \dots\ in} - -This works as {\tt apply \nelist{{\term} with {\bindinglist}}{,} in -{\ident}} but turns unresolved bindings into existential variables, if -any, instead of failing. - -\item {\tt apply \nelist{{\term} with {\bindinglist}}{,} in {\ident} as {\intropattern}} - -This works as {\tt apply \nelist{{\term} with {\bindinglist}}{,} in -{\ident}} then applies the {\intropattern} to the hypothesis {\ident}. - -\item {\tt eapply \nelist{{\term} with {\bindinglist}}{,} in {\ident} as {\intropattern}} - -This works as {\tt apply \nelist{{\term} with {\bindinglist}}{,} in {\ident} as {\intropattern}} but using {\tt eapply}. - -\item {\tt simple apply {\term} in {\ident}} -\tacindex{simple apply \dots\ in} -\tacindex{simple eapply \dots\ in} - -This behaves like {\tt apply {\term} in {\ident}} but it reasons -modulo conversion only on subterms that contain no variables to -instantiate. For instance, if {\tt id := fun x:nat => x} and {\tt H : - forall y, id y = y -> True} and {\tt H0 :\ O = O} then {\tt simple - apply H in H0} does not succeed because it would require the -conversion of {\tt id ?1234} and {\tt O} where {\tt ?1234} is a variable to -instantiate. Tactic {\tt simple apply {\term} in {\ident}} does not -either traverse tuples as {\tt apply {\term} in {\ident}} does. - -\item {\tt \zeroone{simple} apply \nelist{{\term} \zeroone{with {\bindinglist}}}{,} in {\ident} \zeroone{as {\intropattern}}}\\ -{\tt \zeroone{simple} eapply \nelist{{\term} \zeroone{with {\bindinglist}}}{,} in {\ident} \zeroone{as {\intropattern}}} - -This summarizes the different syntactic variants of {\tt apply {\term} - in {\ident}} and {\tt eapply {\term} in {\ident}}. -\end{Variants} - -\subsection{\tt constructor \num} -\label{constructor} -\tacindex{constructor} - -This tactic applies to a goal such that its conclusion is -an inductive type (say {\tt I}). The argument {\num} must be less -or equal to the numbers of constructor(s) of {\tt I}. Let {\tt ci} be -the {\tt i}-th constructor of {\tt I}, then {\tt constructor i} is -equivalent to {\tt intros; apply ci}. - -\begin{ErrMsgs} -\item \errindex{Not an inductive product} -\item \errindex{Not enough constructors} -\end{ErrMsgs} - -\begin{Variants} -\item \texttt{constructor} - - This tries \texttt{constructor 1} then \texttt{constructor 2}, - \dots\ , then \texttt{constructor} \textit{n} where \textit{n} is - the number of constructors of the head of the goal. - -\item {\tt constructor \num~with} {\bindinglist} - - Let {\tt ci} be the {\tt i}-th constructor of {\tt I}, then {\tt - constructor i with \bindinglist} is equivalent to {\tt intros; - apply ci with \bindinglist}. - - \Warning the terms in the \bindinglist\ are checked - in the context where {\tt constructor} is executed and not in the - context where {\tt apply} is executed (the introductions are not - taken into account). - -% To document? -% \item {\tt constructor {\tactic}} - -\item {\tt split}\tacindex{split} - - This applies only if {\tt I} has a single constructor. It is then - equivalent to {\tt constructor 1}. It is typically used in the case - of a conjunction $A\land B$. - - \ErrMsg \errindex{Not an inductive goal with 1 constructor} - -\item {\tt exists {\bindinglist}}\tacindex{exists} - - This applies only if {\tt I} has a single constructor. It is then - equivalent to {\tt intros; constructor 1 with \bindinglist}. It is - typically used in the case of an existential quantification $\exists - x, P(x)$. - - \ErrMsg \errindex{Not an inductive goal with 1 constructor} - -\item {\tt exists \nelist{\bindinglist}{,}} - - This iteratively applies {\tt exists {\bindinglist}}. - -\item {\tt left}\tacindex{left}\\ - {\tt right}\tacindex{right} - - These tactics apply only if {\tt I} has two constructors, for instance - in the case of a - disjunction $A\lor B$. Then, they are respectively equivalent to {\tt - constructor 1} and {\tt constructor 2}. - - \ErrMsg \errindex{Not an inductive goal with 2 constructors} - -\item {\tt left with \bindinglist}\\ - {\tt right with \bindinglist}\\ - {\tt split with \bindinglist} - - As soon as the inductive type has the right number of constructors, - these expressions are equivalent to calling {\tt - constructor $i$ with \bindinglist} for the appropriate $i$. - -\item \texttt{econstructor}\tacindex{econstructor}\\ - \texttt{eexists}\tacindex{eexists}\\ - \texttt{esplit}\tacindex{esplit}\\ - \texttt{eleft}\tacindex{eleft}\\ - \texttt{eright}\tacindex{eright} - - These tactics and their variants behave like \texttt{constructor}, - \texttt{exists}, \texttt{split}, \texttt{left}, \texttt{right} and - their variants but they introduce existential variables instead of - failing when the instantiation of a variable cannot be found (cf - \texttt{eapply} and Section~\ref{eapply-example}). - -\end{Variants} - -\section{Managing the local context} - -\subsection{\tt intro} -\tacindex{intro} -\label{intro} - -This tactic applies to a goal that is either a product or starts with -a let binder. If the goal is a product, the tactic implements the -``Lam''\index{Typing rules!Lam} rule given in -Section~\ref{Typed-terms}\footnote{Actually, only the second subgoal will be -generated since the other one can be automatically checked.}. If the -goal starts with a let binder, then the tactic implements a mix of the -``Let''\index{Typing rules!Let} and ``Conv''\index{Typing rules!Conv}. - -If the current goal is a dependent product $\forall x:T,~U$ (resp {\tt -let $x$:=$t$ in $U$}) then {\tt intro} puts {\tt $x$:$T$} (resp {\tt $x$:=$t$}) - in the local context. -% Obsolete (quantified names already avoid hypotheses names): -% Otherwise, it puts -% {\tt x}{\it n}{\tt :T} where {\it n} is such that {\tt x}{\it n} is a -%fresh name. -The new subgoal is $U$. -% If the {\tt x} has been renamed {\tt x}{\it n} then it is replaced -% by {\tt x}{\it n} in {\tt U}. - -If the goal is a non-dependent product $T \to U$, then it puts -in the local context either {\tt H}{\it n}{\tt :$T$} (if $T$ is of -type {\tt Set} or {\tt Prop}) or {\tt X}{\it n}{\tt :$T$} (if the type -of $T$ is {\tt Type}). The optional index {\it n} is such that {\tt -H}{\it n} or {\tt X}{\it n} is a fresh identifier. -In both cases, the new subgoal is $U$. - -If the goal is neither a product nor starting with a let definition, -the tactic {\tt intro} applies the tactic {\tt hnf} until the tactic -{\tt intro} can be applied or the goal is not head-reducible. - -\begin{ErrMsgs} -\item \errindex{No product even after head-reduction} -\item \errindexbis{{\ident} is already used}{is already used} -\end{ErrMsgs} - -\begin{Variants} - -\item {\tt intros}\tacindex{intros} - - This repeats {\tt intro} until it meets the head-constant. It never reduces - head-constants and it never fails. - -\item {\tt intro {\ident}} - - This applies {\tt intro} but forces {\ident} to be the name of the - introduced hypothesis. - - \ErrMsg \errindex{name {\ident} is already used} - - \Rem If a name used by {\tt intro} hides the base name of a global - constant then the latter can still be referred to by a qualified name - (see \ref{LongNames}). - -\item {\tt intros \ident$_1$ \dots\ \ident$_n$} - - This is equivalent to the composed tactic {\tt intro \ident$_1$; \dots\ ; - intro \ident$_n$}. - - More generally, the \texttt{intros} tactic takes a pattern as - argument in order to introduce names for components of an inductive - definition or to clear introduced hypotheses. This is explained - in~\ref{intros-pattern}. - -\item {\tt intros until {\ident}} \tacindex{intros until} - - This repeats {\tt intro} until it meets a premise of the goal having form - {\tt (} {\ident}~{\tt :}~{\term} {\tt )} and discharges the variable - named {\ident} of the current goal. - - \ErrMsg \errindex{No such hypothesis in current goal} - -\item {\tt intros until {\num}} \tacindex{intros until} - - This repeats {\tt intro} until the {\num}-th non-dependent product. For - instance, on the subgoal % - \verb+forall x y:nat, x=y -> y=x+ the tactic \texttt{intros until 1} - is equivalent to \texttt{intros x y H}, as \verb+x=y -> y=x+ is the - first non-dependent product. And on the subgoal % - \verb+forall x y z:nat, x=y -> y=x+ the tactic \texttt{intros until 1} - is equivalent to \texttt{intros x y z} as the product on \texttt{z} - can be rewritten as a non-dependent product: % - \verb+forall x y:nat, nat -> x=y -> y=x+ - - - \ErrMsg \errindex{No such hypothesis in current goal} - - This happens when {\num} is 0 or is greater than the number of non-dependent - products of the goal. - -\item {\tt intro after \ident} \tacindex{intro after}\\ - {\tt intro before \ident} \tacindex{intro before}\\ - {\tt intro at top} \tacindex{intro at top}\\ - {\tt intro at bottom} \tacindex{intro at bottom} - - These tactics apply {\tt intro} and move the freshly introduced hypothesis - respectively after the hypothesis \ident{}, before the hypothesis - \ident{}, at the top of the local context, or at the bottom of the - local context. All hypotheses on which the new hypothesis depends - are moved too so as to respect the order of dependencies between - hypotheses. Note that {\tt intro at bottom} is a synonym for {\tt - intro} with no argument. - - \ErrMsg \errindex{No such hypothesis} : {\ident} - -\item {\tt intro \ident$_1$ after \ident$_2$}\\ - {\tt intro \ident$_1$ before \ident$_2$}\\ - {\tt intro \ident$_1$ at top}\\ - {\tt intro \ident$_1$ at bottom} - - These tactics behave as previously but naming the introduced hypothesis - \ident$_1$. It is equivalent to {\tt intro \ident$_1$} followed by - the appropriate call to {\tt move}~(see Section~\ref{move}). - -\end{Variants} - -\subsection{\tt intros {\intropatternlist}} -\label{intros-pattern} -\tacindex{intros \intropattern} -\index{Introduction patterns} -\index{Naming introduction patterns} -\index{Disjunctive/conjunctive introduction patterns} -\index{Disjunctive/conjunctive introduction patterns} -\index{Equality introduction patterns} - -This extension of the tactic {\tt intros} allows to apply tactics on -the fly on the variables or hypotheses which have been introduced. An -{\em introduction pattern list} {\intropatternlist} is a list of -introduction patterns possibly containing the filling introduction -patterns {\tt *} and {\tt **}. An {\em introduction pattern} is -either: -\begin{itemize} -\item a {\em naming introduction pattern}, i.e. either one of: - \begin{itemize} - \item the pattern \texttt{?} - \item the pattern \texttt{?\ident} - \item an identifier - \end{itemize} -\item an {\em action introduction pattern} which itself classifies into: - \begin{itemize} - \item a {\em disjunctive/conjunctive introduction pattern}, i.e. either one of: - \begin{itemize} - \item a disjunction of lists of patterns: - {\tt [$\intropatternlist_1$ | \dots\ | $\intropatternlist_n$]} - \item a conjunction of patterns: {\tt ($p_1$ , \dots\ , $p_n$)} - \item a list of patterns {\tt ($p_1$ \&\ \dots\ \&\ $p_n$)} - for sequence of right-associative binary constructs - \end{itemize} - \item an {\em equality introduction pattern}, i.e. either one of: - \begin{itemize} - \item a pattern for decomposing an equality: {\tt [= $p_1$ \dots\ $p_n$]} - \item the rewriting orientations: {\tt ->} or {\tt <-} - \end{itemize} - \item the on-the-fly application of lemmas: $p${\tt \%{\term$_1$}} - \ldots {\tt \%{\term$_n$}} where $p$ itself is not a pattern for - on-the-fly application of lemmas (note: syntax is in experimental stage) - \end{itemize} -\item the wildcard: {\tt \_} -\end{itemize} - -Assuming a goal of type $Q \to P$ (non-dependent product), or -of type $\forall x:T,~P$ (dependent product), the behavior of -{\tt intros $p$} is defined inductively over the structure of the -introduction pattern~$p$: -\begin{itemize} -\item introduction on \texttt{?} performs the introduction, and lets {\Coq} - choose a fresh name for the variable; -\item introduction on \texttt{?\ident} performs the introduction, and - lets {\Coq} choose a fresh name for the variable based on {\ident}; -\item introduction on \texttt{\ident} behaves as described in - Section~\ref{intro}; -\item introduction over a disjunction of list of patterns {\tt - [$\intropatternlist_{1}$ | \dots\ | $\intropatternlist_n$]} expects - the product to be over an inductive type whose number of - constructors is $n$ (or more generally over a type of conclusion an - inductive type built from $n$ constructors, e.g. {\tt C -> - A\textbackslash/B} with $n=2$ since {\tt A\textbackslash/B} has 2 - constructors): it destructs the introduced hypothesis as {\tt - destruct} (see Section~\ref{destruct}) would and applies on each - generated subgoal the corresponding tactic; - \texttt{intros}~$\intropatternlist_i$. The introduction patterns in - $\intropatternlist_i$ are expected to consume no more than the - number of arguments of the $i^{\mbox{\scriptsize th}}$ - constructor. If it consumes less, then {\Coq} completes the pattern - so that all the arguments of the constructors of the inductive type - are introduced (for instance, the list of patterns {\tt [$\;$|$\;$] - H} applied on goal {\tt forall x:nat, x=0 -> 0=x} behaves the same - as the list of patterns {\tt [$\,$|$\,$?$\,$] H}); -\item introduction over a conjunction of patterns {\tt ($p_1$, \ldots, - $p_n$)} expects the goal to be a product over an inductive type $I$ with a - single constructor that itself has at least $n$ arguments: it - performs a case analysis over the hypothesis, as {\tt destruct} - would, and applies the patterns $p_1$~\ldots~$p_n$ to the arguments - of the constructor of $I$ (observe that {\tt ($p_1$, {\ldots}, - $p_n$)} is an alternative notation for {\tt [$p_1$ {\ldots} - $p_n$]}); -\item introduction via {\tt ($p_1$ \& \dots\ \& $p_n$)} - is a shortcut for introduction via - {\tt ($p_1$,(\ldots,(\dots,$p_n$)\ldots))}; it expects the - hypothesis to be a sequence of right-associative binary inductive - constructors such as {\tt conj} or {\tt ex\_intro}; for instance, an - hypothesis with type {\tt A\verb|/\|(exists x, B\verb|/\|C\verb|/\|D)} can be - introduced via pattern {\tt (a \& x \& b \& c \& d)}; -\item if the product is over an equality type, then a pattern of the - form {\tt [= $p_{1}$ \dots\ $p_n$]} applies either {\tt injection} - (see Section~\ref{injection}) or {\tt discriminate} (see - Section~\ref{discriminate}) instead of {\tt destruct}; if {\tt - injection} is applicable, the patterns $p_1$, \ldots, $p_n$ are - used on the hypotheses generated by {\tt injection}; if the number - of patterns is smaller than the number of hypotheses generated, the - pattern \texttt{?} is used to complete the list; - %TODO! - %if {\tt discriminate} is applicable, the list of patterns $p_{1}$ - %\dots\ $p_n$ is supposed to be empty; -\item introduction over {\tt ->} (respectively {\tt <-}) expects the - hypothesis to be an equality and the right-hand-side (respectively - the left-hand-side) is replaced by the left-hand-side (respectively - the right-hand-side) in the conclusion of the goal; the hypothesis - itself is erased; if the term to substitute is a variable, it is - substituted also in the context of goal and the variable is removed - too; -\item introduction over a pattern $p${\tt \%{\term$_1$}} \ldots {\tt - \%{\term$_n$}} first applies {\term$_1$},\ldots, {\term$_n$} on the - hypothesis to be introduced (as in {\tt apply }{\term}$_1$, \ldots, - {\term}$_n$ {\tt in}) prior to the application of the introduction - pattern $p$; -\item introduction on the wildcard depends on whether the product is - dependent or not: in the non-dependent case, it erases the - corresponding hypothesis (i.e. it behaves as an {\tt intro} followed - by a {\tt clear}, cf Section~\ref{clear}) while in the dependent - case, it succeeds and erases the variable only if the wildcard is - part of a more complex list of introduction patterns that also - erases the hypotheses depending on this variable; -\item introduction over {\tt *} introduces all forthcoming quantified - variables appearing in a row; introduction over {\tt **} introduces - all forthcoming quantified variables or hypotheses until the goal is - not any more a quantification or an implication. -\end{itemize} - -\Example - -\begin{coq_example} -Goal forall A B C:Prop, A \/ B /\ C -> (A -> C) -> C. -intros * [a | (_,c)] f. -\end{coq_example} -\begin{coq_eval} -Abort. -\end{coq_eval} - -\Rem {\tt intros $p_1~\ldots~p_n$} is not equivalent to \texttt{intros - $p_1$;\ldots; intros $p_n$} for the following reason: If one of the -$p_i$ is a wildcard pattern, he might succeed in the first case -because the further hypotheses it depends in are eventually erased too -while it might fail in the second case because of dependencies in -hypotheses which are not yet introduced (and a fortiori not yet -erased). - -\Rem In {\tt intros $\intropatternlist$}, if the last introduction -pattern is a disjunctive or conjunctive pattern {\tt - [$\intropatternlist_1$ | \dots\ | $\intropatternlist_n$]}, the -completion of $\intropatternlist_i$ so that all the arguments of the -$i^{\mbox{\scriptsize th}}$ constructors of the corresponding -inductive type are introduced can be controlled with the -following option: -\optindex{Bracketing Last Introduction Pattern} - -\begin{quote} -{\tt Set Bracketing Last Introduction Pattern} -\end{quote} - -Force completion, if needed, when the last introduction pattern is a -disjunctive or conjunctive pattern (this is the default). - -\begin{quote} -{\tt Unset Bracketing Last Introduction Pattern} -\end{quote} - -Deactivate completion when the last introduction pattern is a disjunctive -or conjunctive pattern. - - - -\subsection{\tt clear \ident} -\tacindex{clear} -\label{clear} - -This tactic erases the hypothesis named {\ident} in the local context -of the current goal. As a consequence, {\ident} is no more displayed and no more -usable in the proof development. - -\begin{ErrMsgs} -\item \errindex{No such hypothesis} -\item \errindexbis{{\ident} is used in the conclusion}{is used in the - conclusion} -\item \errindexbis{{\ident} is used in the hypothesis {\ident'}}{is - used in the hypothesis} -\end{ErrMsgs} - -\begin{Variants} - -\item {\tt clear {\ident$_1$} \dots\ {\ident$_n$}} - - This is equivalent to {\tt clear {\ident$_1$}. {\ldots} clear - {\ident$_n$}.} - -\item {\tt clearbody {\ident}}\tacindex{clearbody} - - This tactic expects {\ident} to be a local definition then clears - its body. Otherwise said, this tactic turns a definition into an - assumption. - - \ErrMsg \errindexbis{{\ident} is not a local definition}{is not a local definition} - -\item \texttt{clear - {\ident$_1$} \dots\ {\ident$_n$}} - - This tactic clears all the hypotheses except the ones depending in - the hypotheses named {\ident$_1$} {\ldots} {\ident$_n$} and in the - goal. - -\item \texttt{clear} - - This tactic clears all the hypotheses except the ones the goal depends on. - -\item {\tt clear dependent \ident \tacindex{clear dependent}} - - This clears the hypothesis \ident\ and all the hypotheses - that depend on it. - -\end{Variants} - -\subsection{\tt revert \ident$_1$ \dots\ \ident$_n$} -\tacindex{revert} -\label{revert} - -This applies to any goal with variables \ident$_1$ \dots\ \ident$_n$. -It moves the hypotheses (possibly defined) to the goal, if this respects -dependencies. This tactic is the inverse of {\tt intro}. - -\begin{ErrMsgs} -\item \errindex{No such hypothesis} -\item \errindexbis{{\ident} is used in the hypothesis {\ident'}}{is - used in the hypothesis} -\end{ErrMsgs} - -\begin{Variants} -\item {\tt revert dependent \ident \tacindex{revert dependent}} - - This moves to the goal the hypothesis {\ident} and all the hypotheses - that depend on it. - -\end{Variants} - -\subsection{\tt move {\ident$_1$} after {\ident$_2$}} -\tacindex{move} -\label{move} - -This moves the hypothesis named {\ident$_1$} in the local context -after the hypothesis named {\ident$_2$}, where ``after'' is in -reference to the direction of the move. The proof term is not changed. - -If {\ident$_1$} comes before {\ident$_2$} in the order of -dependencies, then all the hypotheses between {\ident$_1$} and -{\ident$_2$} that (possibly indirectly) depend on {\ident$_1$} are -moved too, and all of them are thus moved after {\ident$_2$} in the -order of dependencies. - -If {\ident$_1$} comes after {\ident$_2$} in the order of dependencies, -then all the hypotheses between {\ident$_1$} and {\ident$_2$} that -(possibly indirectly) occur in the type of {\ident$_1$} are moved -too, and all of them are thus moved before {\ident$_2$} in the order -of dependencies. - -\begin{Variants} - -\item {\tt move {\ident$_1$} before {\ident$_2$}} - -This moves {\ident$_1$} towards and just before the hypothesis named -{\ident$_2$}. As for {\tt move {\ident$_1$} after {\ident$_2$}}, -dependencies over {\ident$_1$} (when {\ident$_1$} comes before -{\ident$_2$} in the order of dependencies) or in the type of -{\ident$_1$} (when {\ident$_1$} comes after {\ident$_2$} in the order -of dependencies) are moved too. - -\item {\tt move {\ident} at top} - -This moves {\ident} at the top of the local context (at the beginning of the context). - -\item {\tt move {\ident} at bottom} - -This moves {\ident} at the bottom of the local context (at the end of the context). - -\end{Variants} - -\begin{ErrMsgs} - -\item \errindex{No such hypothesis} - -\item \errindex{Cannot move {\ident$_1$} after {\ident$_2$}: - it occurs in the type of {\ident$_2$}} - -\item \errindex{Cannot move {\ident$_1$} after {\ident$_2$}: - it depends on {\ident$_2$}} - -\end{ErrMsgs} - -\Example - -\begin{coq_example} -Goal forall x :nat, x = 0 -> forall z y:nat, y=y-> 0=x. -intros x H z y H0. -move x after H0. -Undo. -move x before H0. -Undo. -move H0 after H. -Undo. -move H0 before H. -\end{coq_example} -\begin{coq_eval} -Abort. -\end{coq_eval} - -\subsection{\tt rename {\ident$_1$} into {\ident$_2$}} -\tacindex{rename} - -This renames hypothesis {\ident$_1$} into {\ident$_2$} in the current -context. The name of the hypothesis in the proof-term, however, is left -unchanged. - -\begin{Variants} - -\item {\tt rename {\ident$_1$} into {\ident$_2$}, \ldots, - {\ident$_{2k-1}$} into {\ident$_{2k}$}} - -This renames the variables {\ident$_1$} \ldots {\ident$_2k-1$} into respectively -{\ident$_2$} \ldots {\ident$_2k$} in parallel. In particular, the target -identifiers may contain identifiers that exist in the source context, as long -as the latter are also renamed by the same tactic. - -\end{Variants} - -\begin{ErrMsgs} -\item \errindex{No such hypothesis} -\item \errindexbis{{\ident$_2$} is already used}{is already used} -\end{ErrMsgs} - -\subsection{\tt set ( {\ident} := {\term} )} -\label{tactic:set} -\tacindex{set} - -This replaces {\term} by {\ident} in the conclusion of the current goal -and adds the new definition {\tt {\ident} := \term} to the local context. - -If {\term} has holes (i.e. subexpressions of the form ``\_''), the -tactic first checks that all subterms matching the pattern are -compatible before doing the replacement using the leftmost subterm -matching the pattern. - -\begin{ErrMsgs} -\item \errindex{The variable {\ident} is already defined} -\end{ErrMsgs} - -\begin{Variants} - -\item {\tt set ( {\ident} := {\term} ) in {\occgoalset}} - -This notation allows specifying which occurrences of {\term} have to -be substituted in the context. The {\tt in {\occgoalset}} clause is an -occurrence clause whose syntax and behavior are described in -Section~\ref{Occurrences_clauses}. - -\item {\tt set ( {\ident} \nelistnosep{\binder} := {\term} )} - - This is equivalent to {\tt set ( {\ident} := fun - \nelistnosep{\binder} => {\term} )}. - -\item {\tt set \term} - - This behaves as {\tt set (} {\ident} := {\term} {\tt )} but {\ident} - is generated by {\Coq}. This variant also supports an occurrence clause. - -\item {\tt set ( {\ident$_0$} \nelistnosep{\binder} := {\term} ) in {\occgoalset}}\\ - {\tt set {\term} in {\occgoalset}} - - These are the general forms that combine the previous possibilities. - -\item {\tt eset ( {\ident$_0$} \nelistnosep{\binder} := {\term} ) in {\occgoalset}}\tacindex{eset}\\ - {\tt eset {\term} in {\occgoalset}} - - While the different variants of \texttt{set} expect that no - existential variables are generated by the tactic, \texttt{eset} - removes this constraint. In practice, this is relevant only when - \texttt{eset} is used as a synonym of \texttt{epose}, i.e. when the - term does not occur in the goal. - -\item {\tt remember {\term} as {\ident}}\tacindex{remember} - - This behaves as {\tt set ( {\ident} := {\term} ) in *} and using a - logical (Leibniz's) equality instead of a local definition. - -\item {\tt remember {\term} as {\ident} eqn:{\ident}} - - This behaves as {\tt remember {\term} as {\ident}}, except - that the name of the generated equality is also given. - -\item {\tt remember {\term} as {\ident} in {\occgoalset}} - - This is a more general form of {\tt remember} that remembers the - occurrences of {\term} specified by an occurrences set. - -\item - {\tt eremember {\term} as {\ident}}\tacindex{eremember}\\ - {\tt eremember {\term} as {\ident} in {\occgoalset}}\\ - {\tt eremember {\term} as {\ident} eqn:{\ident}} - - While the different variants of \texttt{remember} expect that no - existential variables are generated by the tactic, \texttt{eremember} - removes this constraint. - -\item {\tt pose ( {\ident} := {\term} )}\tacindex{pose} - - This adds the local definition {\ident} := {\term} to the current - context without performing any replacement in the goal or in the - hypotheses. It is equivalent to {\tt set ( {\ident} {\tt :=} - {\term} {\tt ) in |-}}. - -\item {\tt pose ( {\ident} \nelistnosep{\binder} := {\term} )} - - This is equivalent to {\tt pose (} {\ident} {\tt :=} {\tt fun} - \nelistnosep{\binder} {\tt =>} {\term} {\tt )}. - -\item{\tt pose {\term}} - - This behaves as {\tt pose ( {\ident} := {\term} )} but - {\ident} is generated by {\Coq}. - -\item {\tt epose ( {\ident} := {\term} )}\tacindex{epose}\\ - {\tt epose ( {\ident} \nelistnosep{\binder} := {\term} )}\\ - {\tt epose {\term}} - - While the different variants of \texttt{pose} expect that no - existential variables are generated by the tactic, \texttt{epose} - removes this constraint. - -\end{Variants} - -\subsection{\tt decompose [ {\qualid$_1$} \dots\ {\qualid$_n$} ] \term} -\label{decompose} -\tacindex{decompose} - -This tactic recursively decomposes a -complex proposition in order to obtain atomic ones. - -\Example - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example} -Goal forall A B C:Prop, A /\ B /\ C \/ B /\ C \/ C /\ A -> C. -intros A B C H; decompose [and or] H; assumption. -\end{coq_example} -\begin{coq_example*} -Qed. -\end{coq_example*} - -{\tt decompose} does not work on right-hand sides of implications or products. - -\begin{Variants} - -\item {\tt decompose sum \term}\tacindex{decompose sum} - - This decomposes sum types (like \texttt{or}). - -\item {\tt decompose record \term}\tacindex{decompose record} - - This decomposes record types (inductive types with one constructor, - like \texttt{and} and \texttt{exists} and those defined with the - \texttt{Record} macro, see Section~\ref{Record}). - -\end{Variants} - -\section{Controlling the proof flow} - -\subsection{\tt assert ( {\ident} :\ {\form} )} -\tacindex{assert} - -This tactic applies to any goal. {\tt assert (H : U)} adds a new -hypothesis of name \texttt{H} asserting \texttt{U} to the current goal -and opens a new subgoal \texttt{U}\footnote{This corresponds to the - cut rule of sequent calculus.}. The subgoal {\texttt U} comes first -in the list of subgoals remaining to prove. - -\begin{ErrMsgs} -\item \errindex{Not a proposition or a type} - - Arises when the argument {\form} is neither of type {\tt Prop}, {\tt - Set} nor {\tt Type}. - -\end{ErrMsgs} - -\begin{Variants} - -\item{\tt assert {\form}} - - This behaves as {\tt assert ( {\ident} :\ {\form} )} but - {\ident} is generated by {\Coq}. - -\item \texttt{assert {\form} by {\tac}}\tacindex{assert by} - - This tactic behaves like \texttt{assert} but applies {\tac} - to solve the subgoals generated by \texttt{assert}. - - \ErrMsg \errindex{Proof is not complete} - -\item \texttt{assert {\form} as {\intropattern}\tacindex{assert as}} - - If {\intropattern} is a naming introduction pattern (see - Section~\ref{intros-pattern}), the hypothesis is named after this - introduction pattern (in particular, if {\intropattern} is {\ident}, - the tactic behaves like \texttt{assert ({\ident} :\ {\form})}). - - If {\intropattern} is an action introduction pattern, the tactic - behaves like \texttt{assert {\form}} followed by the action done by - this introduction pattern. - -\item \texttt{assert {\form} as {\intropattern} by {\tac}} - - This combines the two previous variants of {\tt assert}. - -\item{\tt assert ( {\ident} := {\term} )} - - This behaves as {\tt assert ({\ident} :\ {\type}) by exact {\term}} - where {\type} is the type of {\term}. This is deprecated in favor of - {\tt pose proof}. - - If the head of {\term} is {\ident}, the tactic behaves as - {\tt specialize \term}. - - \ErrMsg \errindex{Variable {\ident} is already declared} - -\item \texttt{eassert {\form} as {\intropattern} by {\tac}}\tacindex{eassert}\tacindex{eassert as}\tacindex{eassert by}\\ - {\tt assert ( {\ident} := {\term} )} - - While the different variants of \texttt{assert} expect that no - existential variables are generated by the tactic, \texttt{eassert} - removes this constraint. This allows not to specify the asserted - statement completely before starting to prove it. - -\item \texttt{pose proof {\term} \zeroone{as {\intropattern}}\tacindex{pose proof}} - - This tactic behaves like \texttt{assert T \zeroone{as {\intropattern}} by - exact {\term}} where \texttt{T} is the type of {\term}. - - In particular, \texttt{pose proof {\term} as {\ident}} behaves as - \texttt{assert ({\ident} := {\term})} and \texttt{pose proof {\term} - as {\intropattern}} is the same as applying - the {\intropattern} to {\term}. - -\item \texttt{epose proof {\term} \zeroone{as {\intropattern}}\tacindex{epose proof}} - - While \texttt{pose proof} expects that no existential variables are generated by the tactic, - \texttt{epose proof} removes this constraint. - -\item \texttt{enough ({\ident} :\ {\form})}\tacindex{enough} - - This adds a new hypothesis of name {\ident} asserting {\form} to the - goal the tactic \texttt{enough} is applied to. A new subgoal stating - \texttt{\form} is inserted after the initial goal rather than before - it as \texttt{assert} would do. - -\item \texttt{enough {\form}}\tacindex{enough} - - This behaves like \texttt{enough ({\ident} :\ {\form})} with the name - {\ident} of the hypothesis generated by {\Coq}. - -\item \texttt{enough {\form} as {\intropattern}\tacindex{enough as}} - - This behaves like \texttt{enough} {\form} using {\intropattern} to - name or destruct the new hypothesis. - -\item \texttt{enough ({\ident} :\ {\form}) by {\tac}}\tacindex{enough by}\\ - \texttt{enough {\form} by {\tac}}\tacindex{enough by}\\ - \texttt{enough {\form} as {\intropattern} by {\tac}} - - This behaves as above but with {\tac} expected to solve the initial - goal after the extra assumption {\form} is added and possibly - destructed. If the \texttt{as} {\intropattern} clause generates more - than one subgoal, {\tac} is applied to all of them. - -\item \texttt{eenough ({\ident} :\ {\form}) by {\tac}}\tacindex{eenough}\tacindex{eenough as}\tacindex{eenough by}\\ - \texttt{eenough {\form} by {\tac}}\tacindex{enough by}\\ - \texttt{eenough {\form} as {\intropattern} by {\tac}} - - While the different variants of \texttt{enough} expect that no - existential variables are generated by the tactic, \texttt{eenough} - removes this constraint. - -\item {\tt cut {\form}}\tacindex{cut} - - This tactic applies to any goal. It implements the non-dependent - case of the ``App''\index{Typing rules!App} rule given in - Section~\ref{Typed-terms}. (This is Modus Ponens inference rule.) - {\tt cut U} transforms the current goal \texttt{T} into the two - following subgoals: {\tt U -> T} and \texttt{U}. The subgoal {\tt U - -> T} comes first in the list of remaining subgoal to prove. - -\item {\tt specialize ({\ident} \term$_1$ \dots\ \term$_n$)\tacindex{specialize} \zeroone{as \intropattern}}\\ - {\tt specialize {\ident} with {\bindinglist} \zeroone{as \intropattern}} - - The tactic {\tt specialize} works on local hypothesis \ident. - The premises of this hypothesis (either universal - quantifications or non-dependent implications) are instantiated - by concrete terms coming either from arguments \term$_1$ - $\ldots$ \term$_n$ or from a bindings list (see - Section~\ref{Binding-list} for more about bindings lists). - In the first form the application to \term$_1$ {\ldots} - \term$_n$ can be partial. The first form is equivalent to - {\tt assert ({\ident} := {\ident} {\term$_1$} \dots\ \term$_n$)}. - - In the second form, instantiation elements can also be partial. - In this case the uninstantiated arguments are inferred by - unification if possible or left quantified in the hypothesis - otherwise. - - With the {\tt as} clause, the local hypothesis {\ident} is left - unchanged and instead, the modified hypothesis is introduced as - specified by the {\intropattern}. - - The name {\ident} can also refer to a global lemma or - hypothesis. In this case, for compatibility reasons, the - behavior of {\tt specialize} is close to that of {\tt - generalize}: the instantiated statement becomes an additional - premise of the goal. The {\tt as} clause is especially useful - in this case to immediately introduce the instantiated statement - as a local hypothesis. - - \begin{ErrMsgs} - \item \errindexbis{{\ident} is used in hypothesis \ident'}{is used in hypothesis} - \item \errindexbis{{\ident} is used in conclusion}{is used in conclusion} - \end{ErrMsgs} - -%% Moreover, the old syntax allows the use of a number after {\tt specialize} -%% for controlling the number of premises to instantiate. Giving this -%% number should not be mandatory anymore (automatic detection of how -%% many premises can be eaten without leaving meta-variables). Hence -%% no documentation for this integer optional argument of specialize - -\end{Variants} - -\subsection{\tt generalize \term} -\tacindex{generalize} -\label{generalize} - -This tactic applies to any goal. It generalizes the conclusion with -respect to some term. - -\Example - -\begin{coq_eval} -Goal forall x y:nat, (0 <= x + y + y). -intros. -\end{coq_eval} -\begin{coq_example} -Show. -generalize (x + y + y). -\end{coq_example} - -\begin{coq_eval} -Abort. -\end{coq_eval} - -If the goal is $G$ and $t$ is a subterm of type $T$ in the goal, then -{\tt generalize} \textit{t} replaces the goal by {\tt forall (x:$T$), $G'$} -where $G'$ is obtained from $G$ by replacing all occurrences of $t$ by -{\tt x}. The name of the variable (here {\tt n}) is chosen based on $T$. - -\begin{Variants} -\item {\tt generalize {\term$_1$ , \dots\ , \term$_n$}} - - This is equivalent to {\tt generalize \term$_n$; \dots\ ; generalize - \term$_1$}. Note that the sequence of \term$_i$'s are processed - from $n$ to $1$. - -\item {\tt generalize {\term} at {\num$_1$ \dots\ \num$_i$}} - - This is equivalent to {\tt generalize \term} but it generalizes only over - the specified occurrences of {\term} (counting from left to right on the - expression printed using option {\tt Set Printing All}). - -\item {\tt generalize {\term} as {\ident}} - - This is equivalent to {\tt generalize \term} but it uses {\ident} to name the - generalized hypothesis. - -\item {\tt generalize {\term$_1$} at {\num$_{11}$ \dots\ \num$_{1i_1}$} - as {\ident$_1$} - , {\ldots} , - {\term$_n$} at {\num$_{n1}$ \mbox{\dots} \num$_{ni_n}$} - as {\ident$_2$}} - - This is the most general form of {\tt generalize} that combines the - previous behaviors. - -\item {\tt generalize dependent \term} \tacindex{generalize dependent} - - This generalizes {\term} but also {\em all} hypotheses that depend - on {\term}. It clears the generalized hypotheses. - -\end{Variants} - -\subsection{\tt evar ( {\ident} :\ {\term} )} -\tacindex{evar} -\label{evar} - -The {\tt evar} tactic creates a new local definition named \ident\ with -type \term\ in the context. The body of this binding is a fresh -existential variable. - -\subsection{\tt instantiate ( {\ident} := {\term} )} -\tacindex{instantiate} -\label{instantiate} - -The {\tt instantiate} tactic refines (see Section~\ref{refine}) -an existential variable {\ident} with the term {\term}. -It is equivalent to {\tt only [\ident]: refine \term} (preferred alternative). - -\begin{Remarks} -\item To be able to refer to an existential variable by name, the -user must have given the name explicitly (see~\ref{ExistentialVariables}). - -\item When you are referring to hypotheses which you did not name -explicitly, be aware that Coq may make a different decision on how to -name the variable in the current goal and in the context of the -existential variable. This can lead to surprising behaviors. -\end{Remarks} - -\begin{Variants} - - \item {\tt instantiate ( {\num} := {\term} )} - This variant allows to refer to an existential variable which was not - named by the user. The {\num} argument is the position of the - existential variable from right to left in the goal. - Because this variant is not robust to slight changes in the goal, - its use is strongly discouraged. - - \item {\tt instantiate ( {\num} := {\term} ) in \ident} - - \item {\tt instantiate ( {\num} := {\term} ) in ( Value of {\ident} )} - - \item {\tt instantiate ( {\num} := {\term} ) in ( Type of {\ident} )} - -These allow to refer respectively to existential variables occurring in -a hypothesis or in the body or the type of a local definition. - - \item {\tt instantiate} - - Without argument, the {\tt instantiate} tactic tries to solve as - many existential variables as possible, using information gathered - from other tactics in the same tactical. This is automatically - done after each complete tactic (i.e. after a dot in proof mode), - but not, for example, between each tactic when they are sequenced - by semicolons. - -\end{Variants} - -\subsection{\tt admit} -\tacindex{admit} -\tacindex{give\_up} -\label{admit} - -The {\tt admit} tactic allows temporarily skipping a subgoal so as to -progress further in the rest of the proof. A proof containing -admitted goals cannot be closed with {\tt Qed} but only with -{\tt Admitted}. - -\begin{Variants} - - \item {\tt give\_up} - - Synonym of {\tt admit}. - -\end{Variants} - -\subsection{\tt absurd \term} -\tacindex{absurd} -\label{absurd} - -This tactic applies to any goal. The argument {\term} is any -proposition {\tt P} of type {\tt Prop}. This tactic applies {\tt - False} elimination, that is it deduces the current goal from {\tt - False}, and generates as subgoals {\tt $\sim$P} and {\tt P}. It is -very useful in proofs by cases, where some cases are impossible. In -most cases, \texttt{P} or $\sim$\texttt{P} is one of the hypotheses of -the local context. - -\subsection{\tt contradiction} -\label{contradiction} -\tacindex{contradiction} - -This tactic applies to any goal. The {\tt contradiction} tactic -attempts to find in the current context (after all {\tt intros}) an -hypothesis that is equivalent to an empty inductive type (e.g. {\tt - False}), to the negation of a singleton inductive type (e.g. {\tt - True} or {\tt x=x}), or two contradictory hypotheses. - -\begin{ErrMsgs} -\item \errindex{No such assumption} -\end{ErrMsgs} - -\begin{Variants} -\item {\tt contradiction \ident} - -The proof of {\tt False} is searched in the hypothesis named \ident. -\end{Variants} - -\subsection{\tt contradict \ident} -\label{contradict} -\tacindex{contradict} - -This tactic allows manipulating negated hypothesis and goals. The -name \ident\ should correspond to a hypothesis. With -{\tt contradict H}, the current goal and context is transformed in -the following way: -\begin{itemize} -\item {\tt H:$\neg$A $\vd$ B} \ becomes \ {\tt $\vd$ A} -\item {\tt H:$\neg$A $\vd$ $\neg$B} \ becomes \ {\tt H: B $\vd$ A } -\item {\tt H: A $\vd$ B} \ becomes \ {\tt $\vd$ $\neg$A} -\item {\tt H: A $\vd$ $\neg$B} \ becomes \ {\tt H: B $\vd$ $\neg$A} -\end{itemize} - -\subsection{\tt exfalso} -\label{exfalso} -\tacindex{exfalso} - -This tactic implements the ``ex falso quodlibet'' logical principle: -an elimination of {\tt False} is performed on the current goal, and the -user is then required to prove that {\tt False} is indeed provable in -the current context. This tactic is a macro for {\tt elimtype False}. - -\section{Case analysis and induction} - -The tactics presented in this section implement induction or case -analysis on inductive or co-inductive objects (see -Section~\ref{Cic-inductive-definitions}). - -\subsection{\tt destruct \term} -\tacindex{destruct} -\label{destruct} - -This tactic applies to any goal. The argument {\term} must be of -inductive or co-inductive type and the tactic generates subgoals, one -for each possible form of {\term}, i.e. one for each constructor of -the inductive or co-inductive type. Unlike {\tt induction}, no -induction hypothesis is generated by {\tt destruct}. - -There are special cases: - -\begin{itemize} - -\item If {\term} is an identifier {\ident} denoting a quantified - variable of the conclusion of the goal, then {\tt destruct {\ident}} - behaves as {\tt intros until {\ident}; destruct {\ident}}. If - {\ident} is not anymore dependent in the goal after application of - {\tt destruct}, it is erased (to avoid erasure, use - parentheses, as in {\tt destruct ({\ident})}). - -\item If {\term} is a {\num}, then {\tt destruct {\num}} behaves as -{\tt intros until {\num}} followed by {\tt destruct} applied to the -last introduced hypothesis. Remark: For destruction of a numeral, use -syntax {\tt destruct ({\num})} (not very interesting anyway). - -\item In case {\term} is an hypothesis {\ident} of the context, - and {\ident} is not anymore dependent in the goal after - application of {\tt destruct}, it is erased (to avoid erasure, use - parentheses, as in {\tt destruct ({\ident})}). - -\item The argument {\term} can also be a pattern of which holes are - denoted by ``\_''. In this case, the tactic checks that all subterms - matching the pattern in the conclusion and the hypotheses are - compatible and performs case analysis using this subterm. - -\end{itemize} - -\begin{Variants} -\item{\tt destruct \term$_1$, \ldots, \term$_n$} - - This is a shortcut for {\tt destruct \term$_1$; \ldots; destruct \term$_n$}. - -\item{\tt destruct {\term} as {\disjconjintropattern}} - - This behaves as {\tt destruct {\term}} but uses the names in - {\intropattern} to name the variables introduced in the context. - The {\intropattern} must have the form {\tt [} $p_{11}$ \ldots - $p_{1n_1}$ {\tt |} {\ldots} {\tt |} $p_{m1}$ \ldots $p_{mn_m}$ - {\tt ]} with $m$ being the number of constructors of the type of - {\term}. Each variable introduced by {\tt destruct} in the context - of the $i^{th}$ goal gets its name from the list $p_{i1}$ \ldots - $p_{in_i}$ in order. If there are not enough names, {\tt destruct} - invents names for the remaining variables to introduce. More - generally, the $p_{ij}$ can be any introduction pattern (see - Section~\ref{intros-pattern}). This provides a concise notation for - chaining destruction of an hypothesis. - -% It is recommended to use this variant of {\tt destruct} for -% robust proof scripts. - -\item{\tt destruct {\term} eqn:{\namingintropattern}} - - This behaves as {\tt destruct {\term}} but adds an equation between - {\term} and the value that {\term} takes in each of the possible - cases. The name of the equation is specified by {\namingintropattern} - (see Section~\ref{intros-pattern}), in particular {\tt ?} can be - used to let Coq generate a fresh name. - -\item{\tt destruct {\term} with \bindinglist} - - This behaves like \texttt{destruct {\term}} providing explicit - instances for the dependent premises of the type of {\term} (see - syntax of bindings in Section~\ref{Binding-list}). - -\item{\tt edestruct {\term}\tacindex{edestruct}} - - This tactic behaves like \texttt{destruct {\term}} except that it - does not fail if the instance of a dependent premises of the type of - {\term} is not inferable. Instead, the unresolved instances are left - as existential variables to be inferred later, in the same way as - {\tt eapply} does (see Section~\ref{eapply-example}). - -\item{\tt destruct {\term$_1$} using {\term$_2$}}\\ - {\tt destruct {\term$_1$} using {\term$_2$} with {\bindinglist}} - - These are synonyms of {\tt induction {\term$_1$} using {\term$_2$}} and - {\tt induction {\term$_1$} using {\term$_2$} with {\bindinglist}}. - -\item \texttt{destruct {\term} in {\occgoalset}} - - This syntax is used for selecting which occurrences of {\term} the - case analysis has to be done on. The {\tt in {\occgoalset}} clause is an - occurrence clause whose syntax and behavior is described in - Section~\ref{Occurrences_clauses}. - -\item{\tt destruct {\term$_1$} with {\bindinglist$_1$} - as {\disjconjintropattern} eqn:{\namingintropattern} - using {\term$_2$} with {\bindinglist$_2$} in {\occgoalset}}\\ - {\tt edestruct {\term$_1$} with {\bindinglist$_1$} - as {\disjconjintropattern} eqn:{\namingintropattern} - using {\term$_2$} with {\bindinglist$_2$} in {\occgoalset}} - - These are the general forms of {\tt destruct} and {\tt edestruct}. - They combine the effects of the {\tt with}, {\tt as}, {\tt eqn:}, {\tt using}, - and {\tt in} clauses. - -\item{\tt case \term}\label{case}\tacindex{case} - - The tactic {\tt case} is a more basic tactic to perform case - analysis without recursion. It behaves as {\tt elim \term} but using - a case-analysis elimination principle and not a recursive one. - -\item {\tt case {\term} with {\bindinglist}} - - Analogous to {\tt elim {\term} with {\bindinglist}} above. - -\item{\tt ecase {\term}\tacindex{ecase}}\\ - {\tt ecase {\term} with {\bindinglist}} - - In case the type of {\term} has dependent premises, or dependent - premises whose values are not inferable from the {\tt with - {\bindinglist}} clause, {\tt ecase} turns them into existential - variables to be resolved later on. - -\item {\tt simple destruct \ident}\tacindex{simple destruct} - - This tactic behaves as {\tt intros until - {\ident}; case {\tt {\ident}}} when {\ident} is a quantified - variable of the goal. - -\item {\tt simple destruct {\num}} - - This tactic behaves as {\tt intros until - {\num}; case {\tt {\ident}}} where {\ident} is the name given by - {\tt intros until {\num}} to the {\num}-th non-dependent premise of - the goal. - -\item{\tt case\_eq \term}\label{case_eq}\tacindex{case\_eq} - - The tactic {\tt case\_eq} is a variant of the {\tt case} tactic that - allow to perform case analysis on a term without completely - forgetting its original form. This is done by generating equalities - between the original form of the term and the outcomes of the case - analysis. - -% The effect of this tactic is similar to the effect of {\tt -% destruct {\term} in |- *} with the exception that no new hypotheses -% are introduced in the context. - -\end{Variants} - -\subsection{\tt induction \term} -\tacindex{induction} -\label{Tac-induction} - -This tactic applies to any goal. The argument {\term} must be of -inductive type and the tactic {\tt induction} generates subgoals, -one for each possible form of {\term}, i.e. one for each constructor -of the inductive type. - -If the argument is dependent in either the conclusion or some -hypotheses of the goal, the argument is replaced by the appropriate -constructor form in each of the resulting subgoals and induction -hypotheses are added to the local context using names whose prefix is -{\tt IH}. - -There are particular cases: - -\begin{itemize} - -\item If {\term} is an identifier {\ident} denoting a quantified - variable of the conclusion of the goal, then {\tt induction - {\ident}} behaves as {\tt intros until {\ident}; induction - {\ident}}. If {\ident} is not anymore dependent in the goal - after application of {\tt induction}, it is erased (to avoid - erasure, use parentheses, as in {\tt induction ({\ident})}). - -\item If {\term} is a {\num}, then {\tt induction {\num}} behaves as -{\tt intros until {\num}} followed by {\tt induction} applied to the -last introduced hypothesis. Remark: For simple induction on a numeral, -use syntax {\tt induction ({\num})} (not very interesting anyway). - -\item In case {\term} is an hypothesis {\ident} of the context, - and {\ident} is not anymore dependent in the goal after - application of {\tt induction}, it is erased (to avoid erasure, use - parentheses, as in {\tt induction ({\ident})}). - -\item The argument {\term} can also be a pattern of which holes are - denoted by ``\_''. In this case, the tactic checks that all subterms - matching the pattern in the conclusion and the hypotheses are - compatible and performs induction using this subterm. - -\end{itemize} - -\Example - -\begin{coq_example} -Lemma induction_test : forall n:nat, n = n -> n <= n. -intros n H. -induction n. -\end{coq_example} - -\begin{ErrMsgs} -\item \errindex{Not an inductive product} -\item \errindex{Unable to find an instance for the variables -{\ident} \ldots {\ident}} - - Use in this case - the variant {\tt elim \dots\ with \dots} below. -\end{ErrMsgs} - -\begin{Variants} -\item{\tt induction {\term} as {\disjconjintropattern}} - - This behaves as {\tt induction {\term}} but uses the names in - {\disjconjintropattern} to name the variables introduced in the context. - The {\disjconjintropattern} must typically be of the form - {\tt [} $p_{11}$ {\ldots} - $p_{1n_1}$ {\tt |} {\ldots} {\tt |} $p_{m1}$ {\ldots} $p_{mn_m}$ {\tt - ]} with $m$ being the number of constructors of the type of - {\term}. Each variable introduced by {\tt induction} in the context - of the $i^{th}$ goal gets its name from the list $p_{i1}$ {\ldots} - $p_{in_i}$ in order. If there are not enough names, {\tt induction} - invents names for the remaining variables to introduce. More - generally, the $p_{ij}$ can be any disjunctive/conjunctive - introduction pattern (see Section~\ref{intros-pattern}). For instance, - for an inductive type with one constructor, the pattern notation - {\tt (}$p_{1}$ {\tt ,} {\ldots} {\tt ,} $p_{n}${\tt )} can be used instead of - {\tt [} $p_{1}$ {\ldots} $p_{n}$ {\tt ]}. - -%% \item{\tt induction {\term} eqn:{\namingintropattern}} - -%% This behaves as {\tt induction {\term}} but adds an equation between -%% {\term} and the value that {\term} takes in each of the induction -%% case. The name of the equation is built according to -%% {\namingintropattern} which can be an identifier, a ``?'', etc, as -%% indicated in Section~\ref{intros-pattern}. - -%% \item{\tt induction {\term} as {\disjconjintropattern} eqn:{\namingintropattern}} - -%% This combines the two previous forms. - -\item{\tt induction {\term} with \bindinglist} - - This behaves like \texttt{induction {\term}} providing explicit - instances for the premises of the type of {\term} (see the syntax of - bindings in Section~\ref{Binding-list}). - -\item{\tt einduction {\term}\tacindex{einduction}} - - This tactic behaves like \texttt{induction {\term}} excepts that it - does not fail if some dependent premise of the type of {\term} is - not inferable. Instead, the unresolved premises are posed as - existential variables to be inferred later, in the same way as {\tt - eapply} does (see Section~\ref{eapply-example}). - -\item {\tt induction {\term$_1$} using {\term$_2$}} - - This behaves as {\tt induction {\term$_1$}} but using {\term$_2$} as - induction scheme. It does not expect the conclusion of the type of - {\term$_1$} to be inductive. - -\item {\tt induction {\term$_1$} using {\term$_2$} with {\bindinglist}} - - This behaves as {\tt induction {\term$_1$} using {\term$_2$}} but - also providing instances for the premises of the type of {\term$_2$}. - -\item \texttt{induction {\term}$_1$, {\ldots}, {\term}$_n$ using {\qualid}} - - This syntax is used for the case {\qualid} denotes an induction principle - with complex predicates as the induction principles generated by - {\tt Function} or {\tt Functional Scheme} may be. - -\item \texttt{induction {\term} in {\occgoalset}} - - This syntax is used for selecting which occurrences of {\term} the - induction has to be carried on. The {\tt in \occgoalset} clause is - an occurrence clause whose syntax and behavior is described in - Section~\ref{Occurrences_clauses}. If variables or hypotheses not - mentioning {\term} in their type are listed in {\occgoalset}, those - are generalized as well in the statement to prove. - -\Example - -\begin{coq_example} -Lemma comm x y : x + y = y + x. -induction y in x |- *. -Show 2. -\end{coq_example} - -\item {\tt induction {\term$_1$} with {\bindinglist$_1$} - as {\disjconjintropattern} %% eqn:{\namingintropattern} - using {\term$_2$} with {\bindinglist$_2$} in {\occgoalset}}\\ - {\tt einduction {\term$_1$} with {\bindinglist$_1$} - as {\disjconjintropattern} %% eqn:{\namingintropattern} - using {\term$_2$} with {\bindinglist$_2$} in {\occgoalset}} - - These are the most general forms of {\tt induction} and {\tt - einduction}. It combines the effects of the {\tt with}, {\tt as}, %%{\tt eqn:}, - {\tt using}, and {\tt in} clauses. - -\item {\tt elim \term}\label{elim} - - This is a more basic induction tactic. Again, the type of the - argument {\term} must be an inductive type. Then, according to - the type of the goal, the tactic {\tt elim} chooses the appropriate - destructor and applies it as the tactic {\tt apply} - would do. For instance, if the proof context contains {\tt - n:nat} and the current goal is {\tt T} of type {\tt - Prop}, then {\tt elim n} is equivalent to {\tt apply nat\_ind with - (n:=n)}. The tactic {\tt elim} does not modify the context of - the goal, neither introduces the induction loading into the context - of hypotheses. - - More generally, {\tt elim \term} also works when the type of {\term} - is a statement with premises and whose conclusion is inductive. In - that case the tactic performs induction on the conclusion of the - type of {\term} and leaves the non-dependent premises of the type as - subgoals. In the case of dependent products, the tactic tries to - find an instance for which the elimination lemma applies and fails - otherwise. - -\item {\tt elim {\term} with {\bindinglist}} - - Allows to give explicit instances to the premises of the type - of {\term} (see Section~\ref{Binding-list}). - -\item{\tt eelim {\term}\tacindex{eelim}} - - In case the type of {\term} has dependent premises, this turns them into - existential variables to be resolved later on. - -\item{\tt elim {\term$_1$} using {\term$_2$}}\\ - {\tt elim {\term$_1$} using {\term$_2$} with {\bindinglist}\tacindex{elim \dots\ using}} - -Allows the user to give explicitly an elimination predicate -{\term$_2$} that is not the standard one for the underlying inductive -type of {\term$_1$}. The {\bindinglist} clause allows -instantiating premises of the type of {\term$_2$}. - -\item{\tt elim {\term$_1$} with {\bindinglist$_1$} using {\term$_2$} with {\bindinglist$_2$}}\\ - {\tt eelim {\term$_1$} with {\bindinglist$_1$} using {\term$_2$} with {\bindinglist$_2$}} - - These are the most general forms of {\tt elim} and {\tt eelim}. It - combines the effects of the {\tt using} clause and of the two uses - of the {\tt with} clause. - -\item {\tt elimtype \form}\tacindex{elimtype} - - The argument {\form} must be inductively defined. {\tt elimtype I} - is equivalent to {\tt cut I. intro H{\rm\sl n}; elim H{\rm\sl n}; - clear H{\rm\sl n}}. Therefore the hypothesis {\tt H{\rm\sl n}} will - not appear in the context(s) of the subgoal(s). Conversely, if {\tt - t} is a term of (inductive) type {\tt I} that does not occur - in the goal, then {\tt elim t} is equivalent to {\tt elimtype I; 2: - exact t.} - -\item {\tt simple induction \ident}\tacindex{simple induction} - - This tactic behaves as {\tt intros until - {\ident}; elim {\tt {\ident}}} when {\ident} is a quantified - variable of the goal. - -\item {\tt simple induction {\num}} - - This tactic behaves as {\tt intros until - {\num}; elim {\tt {\ident}}} where {\ident} is the name given by - {\tt intros until {\num}} to the {\num}-th non-dependent premise of - the goal. - -%% \item {\tt simple induction {\term}}\tacindex{simple induction} - -%% If {\term} is an {\ident} corresponding to a quantified variable of -%% the goal then the tactic behaves as {\tt intros until {\ident}; elim -%% {\tt {\ident}}}. If {\term} is a {\num} then the tactic behaves as -%% {\tt intros until {\ident}; elim {\tt {\ident}}}. Otherwise, it is -%% a synonym for {\tt elim {\term}}. - -%% \Rem For simple induction on a numeral, use syntax {\tt simple -%% induction ({\num})}. - -\end{Variants} - -%\subsection[\tt FixPoint \dots]{\tt FixPoint \dots\tacindex{Fixpoint}} -%Not yet documented. - -\subsection{\tt double induction \ident$_1$ \ident$_2$} -\tacindex{double induction} - -This tactic is deprecated and should be replaced by {\tt induction \ident$_1$; induction \ident$_2$} (or {\tt induction \ident$_1$; destruct \ident$_2$} depending on the exact needs). - -%% This tactic applies to any goal. If the variables {\ident$_1$} and -%% {\ident$_2$} of the goal have an inductive type, then this tactic -%% performs double induction on these variables. For instance, if the -%% current goal is \verb+forall n m:nat, P n m+ then, {\tt double induction n -%% m} yields the four cases with their respective inductive hypotheses. - -%% In particular, for proving \verb+(P (S n) (S m))+, the generated induction -%% hypotheses are \verb+(P (S n) m)+ and \verb+(m:nat)(P n m)+ (of the latter, -%% \verb+(P n m)+ and \verb+(P n (S m))+ are derivable). - -%% \Rem When the induction hypothesis \verb+(P (S n) m)+ is not -%% needed, {\tt induction \ident$_1$; destruct \ident$_2$} produces -%% more concise subgoals. - -\begin{Variant} - -\item {\tt double induction \num$_1$ \num$_2$} - -This tactic is deprecated and should be replaced by {\tt induction - \num$_1$; induction \num$_3$} where \num$_3$ is the result of -\num$_2$-\num$_1$. - -%% This applies double induction on the \num$_1^{th}$ and \num$_2^{th}$ {\it -%% non dependent} premises of the goal. More generally, any combination of an -%% {\ident} and a {\num} is valid. - -\end{Variant} - -\subsection{\tt dependent induction \ident} -\tacindex{dependent induction} -\label{DepInduction} - -The \emph{experimental} tactic \texttt{dependent induction} performs -induction-inversion on an instantiated inductive predicate. -One needs to first require the {\tt Coq.Program.Equality} module to use -this tactic. The tactic is based on the BasicElim tactic by Conor -McBride \cite{DBLP:conf/types/McBride00} and the work of Cristina Cornes -around inversion \cite{DBLP:conf/types/CornesT95}. From an instantiated -inductive predicate and a goal, it generates an equivalent goal where the -hypothesis has been generalized over its indexes which are then -constrained by equalities to be the right instances. This permits to -state lemmas without resorting to manually adding these equalities and -still get enough information in the proofs. - -\Example - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example} -Lemma le_minus : forall n:nat, n < 1 -> n = 0. -intros n H ; induction H. -\end{coq_example} - -Here we did not get any information on the indexes to help fulfill this -proof. The problem is that, when we use the \texttt{induction} tactic, -we lose information on the hypothesis instance, notably that the second -argument is \texttt{1} here. Dependent induction solves this problem by -adding the corresponding equality to the context. - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example} -Require Import Coq.Program.Equality. -Lemma le_minus : forall n:nat, n < 1 -> n = 0. -intros n H ; dependent induction H. -\end{coq_example} - -The subgoal is cleaned up as the tactic tries to automatically -simplify the subgoals with respect to the generated equalities. -In this enriched context, it becomes possible to solve this subgoal. -\begin{coq_example} -reflexivity. -\end{coq_example} - -Now we are in a contradictory context and the proof can be solved. -\begin{coq_example} -inversion H. -\end{coq_example} - -This technique works with any inductive predicate. -In fact, the \texttt{dependent induction} tactic is just a wrapper around -the \texttt{induction} tactic. One can make its own variant by just -writing a new tactic based on the definition found in -\texttt{Coq.Program.Equality}. - -\begin{Variants} -\item {\tt dependent induction {\ident} generalizing {\ident$_1$} \dots - {\ident$_n$}}\tacindex{dependent induction \dots\ generalizing} - - This performs dependent induction on the hypothesis {\ident} but first - generalizes the goal by the given variables so that they are - universally quantified in the goal. This is generally what one wants - to do with the variables that are inside some constructors in the - induction hypothesis. The other ones need not be further generalized. - -\item {\tt dependent destruction {\ident}}\tacindex{dependent destruction} - - This performs the generalization of the instance {\ident} but uses {\tt destruct} - instead of {\tt induction} on the generalized hypothesis. This gives - results equivalent to {\tt inversion} or {\tt dependent inversion} if - the hypothesis is dependent. -\end{Variants} - -\SeeAlso \ref{dependent-induction-example} for a larger example of -dependent induction and an explanation of the underlying technique. - -\subsection{\tt functional induction (\qualid\ \term$_1$ \dots\ \term$_n$)} -\tacindex{functional induction} -\label{FunInduction} - -The tactic \texttt{functional induction} performs -case analysis and induction following the definition of a function. It -makes use of a principle generated by \texttt{Function} -(see Section~\ref{Function}) or \texttt{Functional Scheme} -(see Section~\ref{FunScheme}). Note that this tactic is only available -after a {\tt Require Import FunInd}. - -\begin{coq_eval} -Reset Initial. -Import Nat. -\end{coq_eval} -\begin{coq_example} -Require Import FunInd. -Functional Scheme minus_ind := Induction for minus Sort Prop. -Check minus_ind. -Lemma le_minus (n m:nat) : n - m <= n. -functional induction (minus n m) using minus_ind; simpl; auto. -\end{coq_example} -\begin{coq_example*} -Qed. -\end{coq_example*} - -\Rem \texttt{(\qualid\ \term$_1$ \dots\ \term$_n$)} must be a correct -full application of \qualid. In particular, the rules for implicit -arguments are the same as usual. For example use \texttt{@\qualid} if -you want to write implicit arguments explicitly. - -\Rem Parentheses over \qualid \dots \term$_n$ are mandatory. - -\Rem \texttt{functional induction (f x1 x2 x3)} is actually a wrapper -for \texttt{induction x1, x2, x3, (f x1 x2 x3) using \qualid} followed by -a cleaning phase, where {\qualid} is the induction principle -registered for $f$ (by the \texttt{Function} (see Section~\ref{Function}) -or \texttt{Functional Scheme} (see Section~\ref{FunScheme}) command) -corresponding to the sort of the goal. Therefore \texttt{functional - induction} may fail if the induction scheme {\qualid} is -not defined. See also Section~\ref{Function} for the function terms -accepted by \texttt{Function}. - -\Rem There is a difference between obtaining an induction scheme for a -function by using \texttt{Function} (see Section~\ref{Function}) and by -using \texttt{Functional Scheme} after a normal definition using -\texttt{Fixpoint} or \texttt{Definition}. See \ref{Function} for -details. - -\SeeAlso{\ref{Function},\ref{FunScheme},\ref{FunScheme-examples}, - \ref{sec:functional-inversion}} - -\begin{ErrMsgs} -\item \errindex{Cannot find induction information on \qualid} -\item \errindex{Not the right number of induction arguments} -\end{ErrMsgs} - -\begin{Variants} -\item {\tt functional induction (\qualid\ \term$_1$ \dots\ \term$_n$) - as {\disjconjintropattern} using \term$_{m+1}$ with \bindinglist} - - Similarly to \texttt{Induction} and \texttt{elim} - (see Section~\ref{Tac-induction}), this allows giving explicitly the - name of the introduced variables, the - induction principle, and the values of dependent premises of the - elimination scheme, including \emph{predicates} for mutual induction - when {\qualid} is part of a mutually recursive definition. - -\end{Variants} - -\subsection{\tt discriminate \term} -\label{discriminate} -\tacindex{discriminate} - - -This tactic proves any goal from an assumption stating that two -structurally different terms of an inductive set are equal. For -example, from {\tt (S (S O))=(S O)} we can derive by absurdity any -proposition. - -The argument {\term} is assumed to be a proof of a statement -of conclusion {\tt{\term$_1$} = {\term$_2$}} with {\term$_1$} and -{\term$_2$} being elements of an inductive set. To build the proof, -the tactic traverses the normal forms\footnote{Reminder: opaque - constants will not be expanded by $\delta$ reductions.} of -{\term$_1$} and {\term$_2$} looking for a couple of subterms {\tt u} -and {\tt w} ({\tt u} subterm of the normal form of {\term$_1$} and -{\tt w} subterm of the normal form of {\term$_2$}), placed at the same -positions and whose head symbols are two different constructors. If -such a couple of subterms exists, then the proof of the current goal -is completed, otherwise the tactic fails. - -\Rem The syntax {\tt discriminate {\ident}} can be used to refer to a -hypothesis quantified in the goal. In this case, the quantified -hypothesis whose name is {\ident} is first introduced in the local -context using \texttt{intros until \ident}. - -\begin{ErrMsgs} -\item \errindex{No primitive equality found} -\item \errindex{Not a discriminable equality} -\end{ErrMsgs} - -\begin{Variants} -\item \texttt{discriminate \num} - - This does the same thing as \texttt{intros until \num} followed by - \texttt{discriminate \ident} where {\ident} is the identifier for - the last introduced hypothesis. - -\item \texttt{discriminate {\term} with \bindinglist} - - This does the same thing as \texttt{discriminate {\term}} but using -the given bindings to instantiate parameters or hypotheses of {\term}. - -\item \texttt{ediscriminate \num}\tacindex{ediscriminate}\\ - \texttt{ediscriminate {\term} \zeroone{with \bindinglist}} - - This works the same as {\tt discriminate} but if the type of {\term}, - or the type of the hypothesis referred to by {\num}, has uninstantiated - parameters, these parameters are left as existential variables. - -\item \texttt{discriminate} - - This behaves like {\tt discriminate {\ident}} if {\ident} is the - name of an hypothesis to which {\tt discriminate} is applicable; if - the current goal is of the form {\term$_1$} {\tt <>} {\term$_2$}, - this behaves as {\tt intro {\ident}; discriminate {\ident}}. - - \ErrMsg \errindex{No discriminable equalities} -\end{Variants} - -\subsection{\tt injection \term} -\label{injection} -\tacindex{injection} - -The {\tt injection} tactic exploits the property that constructors of -inductive types are injective, i.e. that if $c$ is a constructor -of an inductive type and $c~\vec{t_1}$ and $c~\vec{t_2}$ are equal -then $\vec{t_1}$ and $\vec{t_2}$ are equal too. - -If {\term} is a proof of a statement of conclusion - {\tt {\term$_1$} = {\term$_2$}}, -then {\tt injection} applies the injectivity of constructors as deep as possible to -derive the equality of all the subterms of {\term$_1$} and {\term$_2$} at positions -where {\term$_1$} and {\term$_2$} start to differ. -For example, from {\tt (S p, S n) = (q, S (S m)} we may derive {\tt S - p = q} and {\tt n = S m}. For this tactic to work, {\term$_1$} and -{\term$_2$} should be typed with an inductive -type and they should be neither convertible, nor having a different -head constructor. If these conditions are satisfied, the tactic -derives the equality of all the subterms of {\term$_1$} and -{\term$_2$} at positions where they differ and adds them as -antecedents to the conclusion of the current goal. - -\Example Consider the following goal: - -\begin{coq_example*} -Inductive list : Set := - | nil : list - | cons : nat -> list -> list. -Variable P : list -> Prop. -\end{coq_example*} -\begin{coq_eval} -Lemma ex : - forall (l:list) (n:nat), P nil -> cons n l = cons 0 nil -> P l. -intros l n H H0. -\end{coq_eval} -\begin{coq_example} -Show. -injection H0. -\end{coq_example} -\begin{coq_eval} -Abort. -\end{coq_eval} - -Beware that \texttt{injection} yields an equality in a sigma type -whenever the injected object has a dependent type $P$ with its two -instances in different types $(P~t_1~...~t_n)$ and -$(P~u_1~...~u_n)$. If $t_1$ and $u_1$ are the same and have for type -an inductive type for which a decidable equality has been declared -using the command {\tt Scheme Equality} (see \ref{Scheme}), the use of -a sigma type is avoided. - -\Rem If some quantified hypothesis of the goal is named {\ident}, then -{\tt injection {\ident}} first introduces the hypothesis in the local -context using \texttt{intros until \ident}. - -\begin{ErrMsgs} -\item \errindex{Not a projectable equality but a discriminable one} -\item \errindex{Nothing to do, it is an equality between convertible terms} -\item \errindex{Not a primitive equality} -\item \errindex{Nothing to inject} -\end{ErrMsgs} - -\begin{Variants} -\item \texttt{injection \num} - - This does the same thing as \texttt{intros until \num} followed by -\texttt{injection \ident} where {\ident} is the identifier for the last -introduced hypothesis. - -\item \texttt{injection {\term} with \bindinglist} - - This does the same as \texttt{injection {\term}} but using - the given bindings to instantiate parameters or hypotheses of {\term}. - -\item \texttt{einjection \num}\tacindex{einjection}\\ - \texttt{einjection {\term} \zeroone{with \bindinglist}} - - This works the same as {\tt injection} but if the type of {\term}, - or the type of the hypothesis referred to by {\num}, has uninstantiated - parameters, these parameters are left as existential variables. - -\item{\tt injection} - - If the current goal is of the form {\term$_1$} {\tt <>} {\term$_2$}, - this behaves as {\tt intro {\ident}; injection {\ident}}. - - \ErrMsg \errindex{goal does not satisfy the expected preconditions} - -\item \texttt{injection {\term} \zeroone{with \bindinglist} as \nelistnosep{\intropattern}}\\ -\texttt{injection {\num} as {\intropattern} \dots\ \intropattern}\\ -\texttt{injection as {\intropattern} \dots\ \intropattern}\\ -\texttt{einjection {\term} \zeroone{with \bindinglist} as \nelistnosep{\intropattern}}\\ -\texttt{einjection {\num} as {\intropattern} \dots\ \intropattern}\\ -\texttt{einjection as {\intropattern} \dots\ \intropattern} -\tacindex{injection \dots\ as} - -These variants apply \texttt{intros} \nelistnosep{\intropattern} after -the call to \texttt{injection} or \texttt{einjection} so that all -equalities generated are moved in the context of hypotheses. The -number of {\intropattern} must not exceed the number of equalities -newly generated. If it is smaller, fresh names are automatically -generated to adjust the list of {\intropattern} to the number of new -equalities. The original equality is erased if it corresponds to an -hypothesis. - -\end{Variants} - -\optindex{Structural Injection} - -It is possible to ensure that \texttt{injection {\term}} erases the -original hypothesis and leaves the generated equalities in the context -rather than putting them as antecedents of the current goal, as if -giving \texttt{injection {\term} as} (with an empty list of names). To -obtain this behavior, the option {\tt Set Structural Injection} must -be activated. This option is off by default. - -By default, \texttt{injection} only creates new equalities between -terms whose type is in sort \texttt{Type} or \texttt{Set}, thus -implementing a special behavior for objects that are proofs -of a statement in \texttt{Prop}. This behavior can be turned off -by setting the option \texttt{Set Keep Proof Equalities}. -\optindex{Keep Proof Equalities} -\subsection{\tt inversion \ident} -\tacindex{inversion} - -Let the type of {\ident} in the local context be $(I~\vec{t})$, -where $I$ is a (co)inductive predicate. Then, -\texttt{inversion} applied to \ident~ derives for each possible -constructor $c_i$ of $(I~\vec{t})$, {\bf all} the necessary -conditions that should hold for the instance $(I~\vec{t})$ to be -proved by $c_i$. - -\Rem If {\ident} does not denote a hypothesis in the local context -but refers to a hypothesis quantified in the goal, then the -latter is first introduced in the local context using -\texttt{intros until \ident}. - -\Rem As inversion proofs may be large in size, we recommend the user to -stock the lemmas whenever the same instance needs to be inverted -several times. See Section~\ref{Derive-Inversion}. - -\Rem Part of the behavior of the \texttt{inversion} tactic is to generate -equalities between expressions that appeared in the hypothesis that is -being processed. By default, no equalities are generated if they relate -two proofs (i.e. equalities between terms whose type is in -sort \texttt{Prop}). This behavior can be turned off by using the option -\texttt{Set Keep Proof Equalities.} -\optindex{Keep Proof Equalities} - -\begin{Variants} -\item \texttt{inversion \num} - - This does the same thing as \texttt{intros until \num} then - \texttt{inversion \ident} where {\ident} is the identifier for the - last introduced hypothesis. - -\item \tacindex{inversion\_clear} \texttt{inversion\_clear \ident} - - This behaves as \texttt{inversion} and then erases \ident~ from the - context. - -\item \tacindex{inversion \dots\ as} \texttt{inversion {\ident} as \intropattern} - - This generally behaves as \texttt{inversion} but using names in - {\intropattern} for naming hypotheses. The {\intropattern} must have - the form {\tt [} $p_{11} \ldots p_{1n_1}$ {\tt |} {\ldots} {\tt |} - $p_{m1} \ldots p_{mn_m}$ {\tt ]} with $m$ being the number of - constructors of the type of {\ident}. Be careful that the list must - be of length $m$ even if {\tt inversion} discards some cases (which - is precisely one of its roles): for the discarded cases, just use an - empty list (i.e. $n_i=0$). - - The arguments of the $i^{th}$ constructor and the - equalities that {\tt inversion} introduces in the context of the - goal corresponding to the $i^{th}$ constructor, if it exists, get - their names from the list $p_{i1}$ \ldots $p_{in_i}$ in order. If - there are not enough names, {\tt inversion} invents names for the - remaining variables to introduce. In case an equation splits into - several equations (because {\tt inversion} applies {\tt injection} - on the equalities it generates), the corresponding name $p_{ij}$ in - the list must be replaced by a sublist of the form {\tt [$p_{ij1}$ - \mbox{\dots} $p_{ijq}$]} (or, equivalently, {\tt ($p_{ij1}$, - \dots, $p_{ijq}$)}) where $q$ is the number of subequalities - obtained from splitting the original equation. Here is an example. - - The \texttt{inversion \dots\ as} variant of \texttt{inversion} - generally behaves in a slightly more expectable way than - \texttt{inversion} (no artificial duplication of some hypotheses - referring to other hypotheses) To take benefit of these - improvements, it is enough to use \texttt{inversion \dots\ as []}, - letting the names being finally chosen by {\Coq}. - -\begin{coq_eval} -Require Import List. -\end{coq_eval} - -\begin{coq_example} -Inductive contains0 : list nat -> Prop := - | in_hd : forall l, contains0 (0 :: l) - | in_tl : forall l b, contains0 l -> contains0 (b :: l). -Goal forall l:list nat, contains0 (1 :: l) -> contains0 l. -intros l H; inversion H as [ | l' p Hl' [Heqp Heql'] ]. -\end{coq_example} - -\begin{coq_eval} -Abort. -\end{coq_eval} - -\item \texttt{inversion {\num} as \intropattern} - - This allows naming the hypotheses introduced by - \texttt{inversion \num} in the context. - -\item \tacindex{inversion\_clear \dots\ as} \texttt{inversion\_clear - {\ident} as \intropattern} - - This allows naming the hypotheses introduced by - \texttt{inversion\_clear} in the context. Notice that hypothesis - names can be provided as if \texttt{inversion} were called, even - though the \texttt{inversion\_clear} will eventually erase the - hypotheses. - -\item \tacindex{inversion \dots\ in} \texttt{inversion {\ident} - in \ident$_1$ \dots\ \ident$_n$} - - Let \ident$_1$ \dots\ \ident$_n$, be identifiers in the local context. This - tactic behaves as generalizing \ident$_1$ \dots\ \ident$_n$, and - then performing \texttt{inversion}. - -\item \tacindex{inversion \dots\ as \dots\ in} \texttt{inversion - {\ident} as {\intropattern} in \ident$_1$ \dots\ - \ident$_n$} - - This allows naming the hypotheses introduced in the context by - \texttt{inversion {\ident} in \ident$_1$ \dots\ \ident$_n$}. - -\item \tacindex{inversion\_clear \dots\ in} \texttt{inversion\_clear - {\ident} in \ident$_1$ \dots\ \ident$_n$} - - Let \ident$_1$ \dots\ \ident$_n$, be identifiers in the local context. This - tactic behaves as generalizing \ident$_1$ \dots\ \ident$_n$, and - then performing {\tt inversion\_clear}. - -\item \tacindex{inversion\_clear \dots\ as \dots\ in} - \texttt{inversion\_clear {\ident} as {\intropattern} - in \ident$_1$ \dots\ \ident$_n$} - - This allows naming the hypotheses introduced in the context by - \texttt{inversion\_clear {\ident} in \ident$_1$ \dots\ \ident$_n$}. - -\item \tacindex{dependent inversion} \texttt{dependent inversion \ident} - - That must be used when \ident\ appears in the current goal. It acts - like \texttt{inversion} and then substitutes \ident\ for the - corresponding term in the goal. - -\item \tacindex{dependent inversion \dots\ as } \texttt{dependent - inversion {\ident} as \intropattern} - - This allows naming the hypotheses introduced in the context by - \texttt{dependent inversion} {\ident}. - -\item \tacindex{dependent inversion\_clear} \texttt{dependent - inversion\_clear \ident} - - Like \texttt{dependent inversion}, except that {\ident} is cleared - from the local context. - -\item \tacindex{dependent inversion\_clear \dots\ as} - \texttt{dependent inversion\_clear {\ident} as \intropattern} - - This allows naming the hypotheses introduced in the context by - \texttt{dependent inversion\_clear} {\ident}. - -\item \tacindex{dependent inversion \dots\ with} \texttt{dependent - inversion {\ident} with \term} - - This variant allows you to specify the generalization of the goal. It - is useful when the system fails to generalize the goal automatically. If - {\ident} has type $(I~\vec{t})$ and $I$ has type - $\forall (\vec{x}:\vec{T}), s$, then \term~ must be of type - $I:\forall (\vec{x}:\vec{T}), I~\vec{x}\to s'$ where $s'$ is the - type of the goal. - -\item \tacindex{dependent inversion \dots\ as \dots\ with} - \texttt{dependent inversion {\ident} as {\intropattern} - with \term} - - This allows naming the hypotheses introduced in the context by - \texttt{dependent inversion {\ident} with \term}. - -\item \tacindex{dependent inversion\_clear \dots\ with} - \texttt{dependent inversion\_clear {\ident} with \term} - - Like \texttt{dependent inversion \dots\ with} but clears {\ident} from - the local context. - -\item \tacindex{dependent inversion\_clear \dots\ as \dots\ with} - \texttt{dependent inversion\_clear {\ident} as - {\intropattern} with \term} - - This allows naming the hypotheses introduced in the context by - \texttt{dependent inversion\_clear {\ident} with \term}. - -\item \tacindex{simple inversion} \texttt{simple inversion \ident} - - It is a very primitive inversion tactic that derives all the necessary - equalities but it does not simplify the constraints as - \texttt{inversion} does. - -\item \tacindex{simple inversion \dots\ as} \texttt{simple inversion - {\ident} as \intropattern} - - This allows naming the hypotheses introduced in the context by - \texttt{simple inversion}. - -\item \tacindex{inversion \dots\ using} \texttt{inversion {\ident} - using \ident$'$} - - Let {\ident} have type $(I~\vec{t})$ ($I$ an inductive - predicate) in the local context, and \ident$'$ be a (dependent) inversion - lemma. Then, this tactic refines the current goal with the specified - lemma. - -\item \tacindex{inversion \dots\ using \dots\ in} \texttt{inversion - {\ident} using \ident$'$ in \ident$_1$\dots\ \ident$_n$} - - This tactic behaves as generalizing \ident$_1$\dots\ \ident$_n$, - then doing \texttt{inversion {\ident} using \ident$'$}. - -\item \tacindex{inversion\_sigma} \texttt{inversion\_sigma} - - This tactic turns equalities of dependent pairs (e.g., - \texttt{existT P x p = existT P y q}, frequently left over by - \texttt{inversion} on a dependent type family) into pairs of - equalities (e.g., a hypothesis \texttt{H : x = y} and a hypothesis - of type \texttt{rew H in p = q}); these hypotheses can subsequently - be simplified using \texttt{subst}, without ever invoking any kind - of axiom asserting uniqueness of identity proofs. If you want to - explicitly specify the hypothesis to be inverted, or name the - generated hypotheses, you can invoke \texttt{induction H as [H1 H2] - using eq\_sigT\_rect}. This tactic also works for \texttt{sig}, - \texttt{sigT2}, and \texttt{sig2}, and there are similar - \texttt{eq\_sig\emph{*}\_rect} induction lemmas. - -\end{Variants} - -\firstexample -\example{Non-dependent inversion} -\label{inversion-examples} - -Let us consider the relation \texttt{Le} over natural numbers and the -following variables: - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\begin{coq_example*} -Inductive Le : nat -> nat -> Set := - | LeO : forall n:nat, Le 0 n - | LeS : forall n m:nat, Le n m -> Le (S n) (S m). -Variable P : nat -> nat -> Prop. -Variable Q : forall n m:nat, Le n m -> Prop. -\end{coq_example*} - -Let us consider the following goal: - -\begin{coq_eval} -Lemma ex : forall n m:nat, Le (S n) m -> P n m. -intros. -\end{coq_eval} - -\begin{coq_example} -Show. -\end{coq_example} - -To prove the goal, we may need to reason by cases on \texttt{H} and to -derive that \texttt{m} is necessarily of -the form $(S~m_0)$ for certain $m_0$ and that $(Le~n~m_0)$. -Deriving these conditions corresponds to prove that the -only possible constructor of \texttt{(Le (S n) m)} is -\texttt{LeS} and that we can invert the -\texttt{->} in the type of \texttt{LeS}. -This inversion is possible because \texttt{Le} is the smallest set closed by -the constructors \texttt{LeO} and \texttt{LeS}. - -\begin{coq_example} -inversion_clear H. -\end{coq_example} - -Note that \texttt{m} has been substituted in the goal for \texttt{(S m0)} -and that the hypothesis \texttt{(Le n m0)} has been added to the -context. - -Sometimes it is -interesting to have the equality \texttt{m=(S m0)} in the -context to use it after. In that case we can use \texttt{inversion} that -does not clear the equalities: - -\begin{coq_eval} -Undo. -\end{coq_eval} - -\begin{coq_example} -inversion H. -\end{coq_example} - -\begin{coq_eval} -Abort. -\end{coq_eval} - -\example{Dependent inversion} - -Let us consider the following goal: - -\begin{coq_eval} -Lemma ex_dep : forall (n m:nat) (H:Le (S n) m), Q (S n) m H. -intros. -\end{coq_eval} - -\begin{coq_example} -Show. -\end{coq_example} - -As \texttt{H} occurs in the goal, we may want to reason by cases on its -structure and so, we would like inversion tactics to -substitute \texttt{H} by the corresponding term in constructor form. -Neither \texttt{Inversion} nor {\tt Inversion\_clear} make such a -substitution. -To have such a behavior we use the dependent inversion tactics: - -\begin{coq_example} -dependent inversion_clear H. -\end{coq_example} - -Note that \texttt{H} has been substituted by \texttt{(LeS n m0 l)} and -\texttt{m} by \texttt{(S m0)}. - -\example{Using \texorpdfstring{\texttt{inversion\_sigma}}{inversion\_sigma}} - -Let us consider the following inductive type of length-indexed lists, -and a lemma about inverting equality of \texttt{cons}: - -\begin{coq_eval} -Reset Initial. -Set Printing Compact Contexts. -\end{coq_eval} - -\begin{coq_example*} -Require Coq.Logic.Eqdep_dec. - -Inductive vec A : nat -> Type := -| nil : vec A O -| cons {n} (x : A) (xs : vec A n) : vec A (S n). - -Lemma invert_cons : forall A n x xs y ys, - @cons A n x xs = @cons A n y ys - -> xs = ys. -Proof. -\end{coq_example*} - -\begin{coq_example} -intros A n x xs y ys H. -\end{coq_example} - -After performing \texttt{inversion}, we are left with an equality of -\texttt{existT}s: - -\begin{coq_example} -inversion H. -\end{coq_example} - -We can turn this equality into a usable form with -\texttt{inversion\_sigma}: - -\begin{coq_example} -inversion_sigma. -\end{coq_example} - -To finish cleaning up the proof, we will need to use the fact that -that all proofs of \texttt{n = n} for \texttt{n} a \texttt{nat} are -\texttt{eq\_refl}: - -\begin{coq_example} -let H := match goal with H : n = n |- _ => H end in -pose proof (Eqdep_dec.UIP_refl_nat _ H); subst H. -simpl in *. -\end{coq_example} - -Finally, we can finish the proof: - -\begin{coq_example} -assumption. -Qed. -\end{coq_example} - -\subsection{\tt fix {\ident} {\num}} -\tacindex{fix} -\label{tactic:fix} - -This tactic is a primitive tactic to start a proof by induction. In -general, it is easier to rely on higher-level induction tactics such -as the ones described in Section~\ref{Tac-induction}. - -In the syntax of the tactic, the identifier {\ident} is the name given -to the induction hypothesis. The natural number {\num} tells on which -premise of the current goal the induction acts, starting -from 1, counting both dependent and non dependent -products, but skipping local definitions. Especially, the current -lemma must be composed of at least {\num} products. - -Like in a {\tt fix} expression, the induction -hypotheses have to be used on structurally smaller arguments. -The verification that inductive proof arguments are correct is done -only at the time of registering the lemma in the environment. To know -if the use of induction hypotheses is correct at some -time of the interactive development of a proof, use the command {\tt - Guarded} (see Section~\ref{Guarded}). - -\begin{Variants} - \item {\tt fix \ident$_1$ {\num} with ( \ident$_2$ - \nelistnosep{\binder$_2$} \zeroone{\{ struct \ident$'_2$ - \}} :~\type$_2$ ) \dots\ ( \ident$_n$ - \nelistnosep{\binder$_n$} \zeroone{\{ struct \ident$'_n$ \}} :~\type$_n$ )} - -This starts a proof by mutual induction. The statements to be -simultaneously proved are respectively {\tt forall} - \nelistnosep{{\binder}$_2$}{\tt ,} {\type}$_2$, {\ldots}, {\tt forall} - \nelistnosep{{\binder}$_n$}{\tt ,} {\type}$_n$. The identifiers -{\ident}$_1$ {\ldots} {\ident}$_n$ are the names of the induction -hypotheses. The identifiers {\ident}$'_2$ {\ldots} {\ident}$'_n$ are the -respective names of the premises on which the induction is performed -in the statements to be simultaneously proved (if not given, the -system tries to guess itself what they are). - -\end{Variants} - -\subsection{\tt cofix \ident} -\tacindex{cofix} -\label{tactic:cofix} - -This tactic starts a proof by coinduction. The identifier {\ident} is -the name given to the coinduction hypothesis. Like in a {\tt cofix} -expression, the use of induction hypotheses have to guarded by a -constructor. The verification that the use of co-inductive hypotheses -is correct is done only at the time of registering the lemma in the -environment. To know if the use of coinduction hypotheses is correct -at some time of the interactive development of a proof, use the -command {\tt Guarded} (see Section~\ref{Guarded}). - - -\begin{Variants} - \item {\tt cofix \ident$_1$ with ( \ident$_2$ - \nelistnosep{\binder$_2$} :~\type$_2$ ) \dots\ ( - \ident$_n$ \nelistnosep{\binder$_n$} :~\type$_n$ )} - -This starts a proof by mutual coinduction. The statements to be -simultaneously proved are respectively {\tt forall} -\nelistnosep{{\binder}$_2$}{\tt ,} {\type}$_2$, {\ldots}, {\tt forall} - \nelistnosep{{\binder}$_n$}{\tt ,} {\type}$_n$. The identifiers - {\ident}$_1$ {\ldots} {\ident}$_n$ are the names of the - coinduction hypotheses. - -\end{Variants} - -\section{Rewriting expressions} - - -These tactics use the equality {\tt eq:forall A:Type, A->A->Prop} -defined in file {\tt Logic.v} (see Section~\ref{Equality}). The -notation for {\tt eq}~$T~t~u$ is simply {\tt $t$=$u$} dropping the -implicit type of $t$ and $u$. - -\subsection{\tt rewrite \term} -\label{rewrite} -\tacindex{rewrite} - -This tactic applies to any goal. The type of {\term} -must have the form - -\texttt{forall (x$_1$:A$_1$) \dots\ (x$_n$:A$_n$)}\texttt{eq} \term$_1$ \term$_2$. - -\noindent where \texttt{eq} is the Leibniz equality or a registered -setoid equality. - -\noindent Then {\tt rewrite \term} finds the first subterm matching -\term$_1$ in the goal, resulting in instances \term$_1'$ and \term$_2'$ -and then replaces every occurrence of \term$_1'$ by \term$_2'$. -Hence, some of the variables x$_i$ are -solved by unification, and some of the types \texttt{A}$_1$, \dots, -\texttt{A}$_n$ become new subgoals. - -% \Rem In case the type of -% \term$_1$ contains occurrences of variables bound in the -% type of \term, the tactic tries first to find a subterm of the goal -% which matches this term in order to find a closed instance \term$'_1$ -% of \term$_1$, and then all instances of \term$'_1$ will be replaced. - -\begin{ErrMsgs} -\item \errindex{The term provided does not end with an equation} - -\item \errindex{Tactic generated a subgoal identical to the original goal} - -This happens if \term$_1$ does not occur in the goal. -\end{ErrMsgs} - -\begin{Variants} -\item {\tt rewrite -> \term}\tacindex{rewrite ->} - - Is equivalent to {\tt rewrite \term} - -\item {\tt rewrite <- \term}\tacindex{rewrite <-} - - Uses the equality \term$_1${\tt=}\term$_2$ from right to left - -\item {\tt rewrite {\term} in \nterm{clause}} - \tacindex{rewrite \dots\ in} - - Analogous to {\tt rewrite {\term}} but rewriting is done following - \nterm{clause} (similarly to \ref{Conversion-tactics}). For - instance: - \begin{itemize} - \item \texttt{rewrite H in H1} will rewrite \texttt{H} in the hypothesis - \texttt{H1} instead of the current goal. - \item \texttt{rewrite H in H1 at 1, H2 at - 2 |- *} means \texttt{rewrite H; rewrite H in H1 at 1; - rewrite H in H2 at - 2}. In particular a failure will happen if any of - these three simpler tactics fails. - \item \texttt{rewrite H in * |- } will do \texttt{rewrite H in - H$_i$} for all hypothesis \texttt{H$_i$ <> H}. A success will happen - as soon as at least one of these simpler tactics succeeds. - \item \texttt{rewrite H in *} is a combination of \texttt{rewrite H} - and \texttt{rewrite H in * |-} that succeeds if at - least one of these two tactics succeeds. - \end{itemize} - Orientation {\tt ->} or {\tt <-} can be - inserted before the term to rewrite. - -\item {\tt rewrite {\term} at {\occlist}} - \tacindex{rewrite \dots\ at} - - Rewrite only the given occurrences of \term$_1'$. Occurrences are - specified from left to right as for \texttt{pattern} (\S - \ref{pattern}). The rewrite is always performed using setoid - rewriting, even for Leibniz's equality, so one has to - \texttt{Import Setoid} to use this variant. - -\item {\tt rewrite {\term} by {\tac}} - \tacindex{rewrite \dots\ by} - - Use {\tac} to completely solve the side-conditions arising from the - rewrite. - -\item {\tt rewrite \term$_1$ , \mbox{\dots} , \term$_n$} - - Is equivalent to the $n$ successive tactics {\tt rewrite $\term_1$} - up to {\tt rewrite $\term_n$}, each one working on the first subgoal - generated by the previous one. - Orientation {\tt ->} or {\tt <-} can be - inserted before each term to rewrite. One unique \nterm{clause} - can be added at the end after the keyword {\tt in}; it will - then affect all rewrite operations. - -\item In all forms of {\tt rewrite} described above, a term to rewrite - can be immediately prefixed by one of the following modifiers: - \begin{itemize} - \item {\tt ?} : the tactic {\tt rewrite ?$\term$} performs the - rewrite of $\term$ as many times as possible (perhaps zero time). - This form never fails. - \item {\tt $n$?} : works similarly, except that it will do at most - $n$ rewrites. - \item {\tt !} : works as {\tt ?}, except that at least one rewrite - should succeed, otherwise the tactic fails. - \item {\tt $n$!} (or simply {\tt $n$}) : precisely $n$ rewrites - of $\term$ will be done, leading to failure if these $n$ rewrites are not possible. - \end{itemize} - -\item {\tt erewrite {\term}\tacindex{erewrite}} - -This tactic works as {\tt rewrite {\term}} but turning unresolved -bindings into existential variables, if any, instead of failing. It has -the same variants as {\tt rewrite} has. - -\end{Variants} - -\subsection{\tt replace \term$_1$ with \term$_2$} -\label{tactic:replace} -\tacindex{replace \dots\ with} - -This tactic applies to any goal. It replaces all free occurrences of -{\term$_1$} in the current goal with {\term$_2$} and generates the -equality {\term$_2$}{\tt =}{\term$_1$} as a subgoal. This equality is -automatically solved if it occurs among the assumption, or if its -symmetric form occurs. It is equivalent to {\tt cut -\term$_2$=\term$_1$; [intro H{\sl n}; rewrite <- H{\sl n}; clear H{\sl -n}| assumption || symmetry; try assumption]}. - -\begin{ErrMsgs} -\item \errindex{terms do not have convertible types} -\end{ErrMsgs} - -\begin{Variants} - -\item {\tt replace \term$_1$ with \term$_2$ by \tac} - - This acts as {\tt replace \term$_1$ with \term$_2$} but applies {\tt \tac} - to solve the generated subgoal {\tt \term$_2$=\term$_1$}. - -\item {\tt replace {\term}} - - Replaces {\term} with {\term'} using the - first assumption whose type has the form {\tt \term=\term'} or {\tt - \term'=\term}. - -\item {\tt replace -> {\term}} - - Replaces {\term} with {\term'} using the - first assumption whose type has the form {\tt \term=\term'} - -\item {\tt replace <- {\term}} - - Replaces {\term} with {\term'} using the - first assumption whose type has the form {\tt \term'=\term} - -\item {\tt replace {\term$_1$} with {\term$_2$} in \nterm{clause} }\\ - {\tt replace {\term$_1$} with {\term$_2$} in \nterm{clause} by \tac }\\ - {\tt replace {\term} in \nterm{clause}}\\ - {\tt replace -> {\term} in \nterm{clause}}\\ - {\tt replace <- {\term} in \nterm{clause}} - - Acts as before but the replacements take place in - \nterm{clause}~(see Section~\ref{Conversion-tactics}) and not only - in the conclusion of the goal. - The \nterm{clause} argument must not contain any \texttt{type of} nor \texttt{value of}. - -\item {\tt cutrewrite <- (\term$_1$ = \term$_2$)} -%\label{cutrewrite} -\tacindex{cutrewrite} - -This tactic is deprecated. It acts like {\tt replace {\term$_2$} with - {\term$_1$}}, or, equivalently as {\tt enough} (\term$_1$ = -\term$_2$) {\tt as <-}. - -\item {\tt cutrewrite -> (\term$_1$ = \term$_2$)} -%\label{cutrewrite} -\tacindex{cutrewrite} - -This tactic is deprecated. It can be replaced by {\tt enough} -(\term$_1$ = \term$_2$) {\tt as ->}. - -\end{Variants} - -\subsection{\tt subst \ident} -\tacindex{subst} -\optindex{Regular Subst Tactic} - -This tactic applies to a goal that has \ident\ in its context and (at -least) one hypothesis, say $H$, of type {\tt \ident} = $t$ or $t$ -{\tt = \ident} with {\ident} not occurring in $t$. Then it replaces -{\ident} by $t$ everywhere in the goal (in the hypotheses and in the -conclusion) and clears {\ident} and $H$ from the context. - -If {\ident} is a local definition of the form {\ident} := $t$, it is -also unfolded and cleared. - -\Rem -When several hypotheses have the form {\tt \ident} = $t$ or {\tt - $t$ = \ident}, the first one is used. - -\Rem -If $H$ is itself dependent in the goal, it is replaced by the -proof of reflexivity of equality. - -\begin{Variants} - \item {\tt subst \ident$_1$ {\dots} \ident$_n$} - - This is equivalent to {\tt subst \ident$_1$; \dots; subst \ident$_n$}. - \item {\tt subst} - - This applies {\tt subst} repeatedly from top to bottom to all - identifiers of the context for which an equality of the form {\tt - \ident} = $t$ or $t$ {\tt = \ident} or {\tt \ident} := $t$ exists, with - {\ident} not occurring in $t$. - -\noindent {\bf Remark: } The behavior of {\tt subst} can be controlled -using option {\tt Set Regular Subst Tactic}. When this option is -activated, {\tt subst} also deals with the following corner cases: -\begin{itemize} -\item A context with ordered hypotheses {\tt \ident$_1$ = \ident$_2$} - and {\tt \ident$_1$ = $t$}, or {$t'$ = \ident$_1$} with $t'$ not a - variable, and no other hypotheses of the form {\tt \ident$_2$ = $u$} - or {\tt $u$ = \ident$_2$}; without the option, a second call to {\tt - subst} would be necessary to replace {\ident$_2$} by $t$ or $t'$ - respectively. - -\item The presence of a recursive equation which without the option - would be a cause of failure of {\tt subst}. - -\item A context with cyclic dependencies as with hypotheses {\tt - \ident$_1$ = f~\ident$_2$} and {\tt \ident$_2$ = g~\ident$_1$} which - without the option would be a cause of failure of {\tt subst}. -\end{itemize} -Additionally, it prevents a local definition such as {\tt \ident} := - $t$ to be unfolded which otherwise it would exceptionally unfold in -configurations containing hypotheses of the form {\tt {\ident} = $u$}, -or {\tt $u'$ = \ident} with $u'$ not a variable. - -Finally, it preserves the initial order of hypotheses, which without -the option it may break. - -The option is on by default. - -\end{Variants} - -\subsection{\tt stepl \term} -\tacindex{stepl} - -This tactic is for chaining rewriting steps. It assumes a goal of the -form ``$R$ {\term}$_1$ {\term}$_2$'' where $R$ is a binary relation -and relies on a database of lemmas of the form {\tt forall} $x$ $y$ -$z$, $R$ $x$ $y$ {\tt ->} $eq$ $x$ $z$ {\tt ->} $R$ $z$ $y$ where $eq$ -is typically a setoid equality. The application of {\tt stepl {\term}} -then replaces the goal by ``$R$ {\term} {\term}$_2$'' and adds a new -goal stating ``$eq$ {\term} {\term}$_1$''. - -Lemmas are added to the database using the command -\comindex{Declare Left Step} -\begin{quote} -{\tt Declare Left Step {\term}.} -\end{quote} - -The tactic is especially useful for parametric setoids which are not -accepted as regular setoids for {\tt rewrite} and {\tt - setoid\_replace} (see Chapter~\ref{setoids}). - -\begin{Variants} -\item{\tt stepl {\term} by {\tac}} - -This applies {\tt stepl {\term}} then applies {\tac} to the second goal. - -\item{\tt stepr {\term}}\\ - {\tt stepr {\term} by {\tac}}\tacindex{stepr} - -This behaves as {\tt stepl} but on the right-hand-side of the binary relation. -Lemmas are expected to be of the form -``{\tt forall} $x$ $y$ -$z$, $R$ $x$ $y$ {\tt ->} $eq$ $y$ $z$ {\tt ->} $R$ $x$ $z$'' -and are registered using the command -\comindex{Declare Right Step} -\begin{quote} -{\tt Declare Right Step {\term}.} -\end{quote} -\end{Variants} - -\subsection{\tt change \term} -\tacindex{change} -\label{change} - -This tactic applies to any goal. It implements the rule -``Conv''\index{Typing rules!Conv} given in Section~\ref{Conv}. {\tt - change U} replaces the current goal \T\ with \U\ providing that -\U\ is well-formed and that \T\ and \U\ are convertible. - -\begin{ErrMsgs} -\item \errindex{Not convertible} -\end{ErrMsgs} - -\tacindex{change \dots\ in} -\begin{Variants} -\item {\tt change \term$_1$ with \term$_2$} - - This replaces the occurrences of \term$_1$ by \term$_2$ in the - current goal. The terms \term$_1$ and \term$_2$ must be - convertible. - -\item {\tt change \term$_1$ at \num$_1$ \dots\ \num$_i$ with \term$_2$} - - This replaces the occurrences numbered \num$_1$ \dots\ \num$_i$ of - \term$_1$ by \term$_2$ in the current goal. - The terms \term$_1$ and \term$_2$ must be convertible. - - \ErrMsg {\tt Too few occurrences} - -\item {\tt change {\term} in {\ident}} - -\item {\tt change \term$_1$ with \term$_2$ in {\ident}} - -\item {\tt change \term$_1$ at \num$_1$ \dots\ \num$_i$ with \term$_2$ in - {\ident}} - - This applies the {\tt change} tactic not to the goal but to the - hypothesis {\ident}. - -\end{Variants} - -\SeeAlso \ref{Conversion-tactics} - - -\section{Performing computations -\index{Conversion tactics} -\label{Conversion-tactics}} - -This set of tactics implements different specialized usages of the -tactic \texttt{change}. - -All conversion tactics (including \texttt{change}) can be -parameterized by the parts of the goal where the conversion can -occur. This is done using \emph{goal clauses} which consists in a list -of hypotheses and, optionally, of a reference to the conclusion of the -goal. For defined hypothesis it is possible to specify if the -conversion should occur on the type part, the body part or both -(default). - -\index{Clauses} -\index{Goal clauses} -Goal clauses are written after a conversion tactic (tactics -\texttt{set}~\ref{tactic:set}, \texttt{rewrite}~\ref{rewrite}, -\texttt{replace}~\ref{tactic:replace} and -\texttt{autorewrite}~\ref{tactic:autorewrite} also use goal clauses) and -are introduced by the keyword \texttt{in}. If no goal clause is provided, -the default is to perform the conversion only in the conclusion. - -The syntax and description of the various goal clauses is the following: -\begin{description} -\item[]\texttt{in {\ident}$_1$ $\ldots$ {\ident}$_n$ |- } only in hypotheses {\ident}$_1$ - \ldots {\ident}$_n$ -\item[]\texttt{in {\ident}$_1$ $\ldots$ {\ident}$_n$ |- *} in hypotheses {\ident}$_1$ \ldots - {\ident}$_n$ and in the conclusion -\item[]\texttt{in * |-} in every hypothesis -\item[]\texttt{in *} (equivalent to \texttt{in * |- *}) everywhere -\item[]\texttt{in (type of {\ident}$_1$) (value of {\ident}$_2$) $\ldots$ |-} in - type part of {\ident}$_1$, in the value part of {\ident}$_2$, etc. -\end{description} - -For backward compatibility, the notation \texttt{in}~{\ident}$_1$\ldots {\ident}$_n$ -performs the conversion in hypotheses {\ident}$_1$\ldots {\ident}$_n$. - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%voir reduction__conv_x : histoires d'univers. -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -\subsection{{\tt cbv \flag$_1$ \mbox{\dots} \flag$_n$}, {\tt lazy \flag$_1$ -\mbox{\dots} \flag$_n$}, and \tt compute} -\tacindex{cbv} -\tacindex{lazy} -\tacindex{compute} -\tacindex{vm\_compute}\label{vmcompute} -\tacindex{native\_compute}\label{nativecompute} - -These parameterized reduction tactics apply to any goal and perform -the normalization of the goal according to the specified flags. In -correspondence with the kinds of reduction considered in \Coq\, namely -$\beta$ (reduction of functional application), $\delta$ (unfolding of -transparent constants, see \ref{Transparent}), $\iota$ (reduction of -pattern-matching over a constructed term, and unfolding of {\tt fix} -and {\tt cofix} expressions) and $\zeta$ (contraction of local -definitions), the flags are either {\tt beta}, {\tt delta}, -{\tt match}, {\tt fix}, {\tt cofix}, {\tt iota} or {\tt zeta}. -The {\tt iota} flag is a shorthand for {\tt match}, {\tt fix} and {\tt cofix}. -The {\tt delta} flag itself can be refined into {\tt -delta [\qualid$_1$\ldots\qualid$_k$]} or {\tt delta --[\qualid$_1$\ldots\qualid$_k$]}, restricting in the first case the -constants to unfold to the constants listed, and restricting in the -second case the constant to unfold to all but the ones explicitly -mentioned. Notice that the {\tt delta} flag does not apply to -variables bound by a let-in construction inside the term itself (use -here the {\tt zeta} flag). In any cases, opaque constants are not -unfolded (see Section~\ref{Opaque}). - -Normalization according to the flags is done by first evaluating the -head of the expression into a {\em weak-head} normal form, i.e. until -the evaluation is bloked by a variable (or an opaque constant, or an -axiom), as e.g. in {\tt x\;u$_1$\;...\;u$_n$}, or {\tt match x with - ... end}, or {\tt (fix f x \{struct x\} := ...) x}, or is a -constructed form (a $\lambda$-expression, a constructor, a cofixpoint, -an inductive type, a product type, a sort), or is a redex that the -flags prevent to reduce. Once a weak-head normal form is obtained, -subterms are recursively reduced using the same strategy. - -Reduction to weak-head normal form can be done using two strategies: -{\em lazy} ({\tt lazy} tactic), or {\em call-by-value} ({\tt cbv} -tactic). The lazy strategy is a call-by-need strategy, with sharing of -reductions: the arguments of a function call are weakly evaluated only -when necessary, and if an argument is used several times then it is -weakly computed only once. This reduction is efficient for reducing -expressions with dead code. For instance, the proofs of a proposition -{\tt exists~$x$. $P(x)$} reduce to a pair of a witness $t$, and a -proof that $t$ satisfies the predicate $P$. Most of the time, $t$ may -be computed without computing the proof of $P(t)$, thanks to the lazy -strategy. - -The call-by-value strategy is the one used in ML languages: the -arguments of a function call are systematically weakly evaluated -first. Despite the lazy strategy always performs fewer reductions than -the call-by-value strategy, the latter is generally more efficient for -evaluating purely computational expressions (i.e. with little dead code). - -\begin{Variants} -\item {\tt compute} \tacindex{compute}\\ - {\tt cbv} - - These are synonyms for {\tt cbv beta delta iota zeta}. - -\item {\tt lazy} - - This is a synonym for {\tt lazy beta delta iota zeta}. - -\item {\tt compute [\qualid$_1$\ldots\qualid$_k$]}\\ - {\tt cbv [\qualid$_1$\ldots\qualid$_k$]} - - These are synonyms of {\tt cbv beta delta - [\qualid$_1$\ldots\qualid$_k$] iota zeta}. - -\item {\tt compute -[\qualid$_1$\ldots\qualid$_k$]}\\ - {\tt cbv -[\qualid$_1$\ldots\qualid$_k$]} - - These are synonyms of {\tt cbv beta delta - -[\qualid$_1$\ldots\qualid$_k$] iota zeta}. - -\item {\tt lazy [\qualid$_1$\ldots\qualid$_k$]}\\ - {\tt lazy -[\qualid$_1$\ldots\qualid$_k$]} - - These are respectively synonyms of {\tt lazy beta delta - [\qualid$_1$\ldots\qualid$_k$] iota zeta} and {\tt lazy beta delta - -[\qualid$_1$\ldots\qualid$_k$] iota zeta}. - -\item {\tt vm\_compute} \tacindex{vm\_compute} - - This tactic evaluates the goal using the optimized call-by-value evaluation - bytecode-based virtual machine described in - \cite{CompiledStrongReduction}. This algorithm is dramatically more efficient - than the algorithm used for the {\tt cbv} tactic, but it cannot be - fine-tuned. It is specially interesting for full evaluation of algebraic - objects. This includes the case of reflection-based tactics. - -\item {\tt native\_compute} \tacindex{native\_compute} \optindex{NativeCompute Profiling} - - This tactic evaluates the goal by compilation to \ocaml{} as described in - \cite{FullReduction}. If \Coq{} is running in native code, it can be typically - two to five times faster than {\tt vm\_compute}. Note however that the - compilation cost is higher, so it is worth using only for intensive - computations. - - On Linux, if you have the {\tt perf} profiler installed, you can profile {\tt native\_compute} evaluations. - The command - \begin{quote} - {\tt Set Native Compute Profiling} - \end{quote} - enables profiling. Use the command - \begin{quote} - {\tt Set NativeCompute Profile Filename \str} - \end{quote} - to specify the profile output; the default is {\tt native\_compute\_profile.data}. The actual filename used - will contain extra characters to avoid overwriting an existing file; that filename is reported to the user. That means - you can individually profile multiple uses of {\tt native\_compute} in a script. From the Linux command line, run {\tt perf report} on - the profile file to see the results. Consult the {\tt perf} documentation for more details. - -\end{Variants} - -\Rem The following option makes {\tt cbv} (and its derivative {\tt - compute}) print information about the constants it encounters and -the unfolding decisions it makes. -\begin{quote} - \optindex{Debug Cbv} - {\tt Set Debug Cbv} -\end{quote} - -% Obsolete? Anyway not very important message -%\begin{ErrMsgs} -%\item \errindex{Delta must be specified before} -% -% A list of constants appeared before the {\tt delta} flag. -%\end{ErrMsgs} - - -\subsection{\tt red} -\tacindex{red} - -This tactic applies to a goal that has the form {\tt - forall (x:T1)\dots(xk:Tk), t} with {\tt t} -$\beta\iota\zeta$-reducing to {\tt c t1 \dots\ tn} and {\tt c} a -constant. If -{\tt c} is transparent then it replaces {\tt c} with its definition -(say {\tt t}) and then reduces {\tt (t t1 \dots\ tn)} according to -$\beta\iota\zeta$-reduction rules. - -\begin{ErrMsgs} -\item \errindex{Not reducible} -\end{ErrMsgs} - -\subsection{\tt hnf} -\tacindex{hnf} - -This tactic applies to any goal. It replaces the current goal with its -head normal form according to the $\beta\delta\iota\zeta$-reduction -rules, i.e. it reduces the head of the goal until it becomes a -product or an irreducible term. All inner $\beta\iota$-redexes are also -reduced. - -\Example -The term \verb+forall n:nat, (plus (S n) (S n))+ is not reduced by {\tt hnf}. - -\Rem The $\delta$ rule only applies to transparent constants -(see Section~\ref{Opaque} on transparency and opacity). - -\subsection{\texorpdfstring{\texttt{cbn}}{cbn} and \texorpdfstring{\texttt{simpl}}{simpl}} -\tacindex{cbn} \tacindex{simpl} - -These tactics apply to any goal. They try to reduce a term to -something still readable instead of fully normalizing it. They perform -a sort of strong normalization with two key differences: -\begin{itemize} -\item They unfold a constant if and only if it leads to a - $\iota$-reduction, i.e. reducing a match or unfolding a fixpoint. -\item While reducing a constant unfolding to (co)fixpoints, - the tactics use the name of the - constant the (co)fixpoint comes from instead of the (co)fixpoint - definition in recursive calls. -\end{itemize} - -The \texttt{cbn} tactic is claimed to be a more principled, faster and more -predictable replacement for \texttt{simpl}. - -The \texttt{cbn} tactic accepts the same flags as \texttt{cbv} and -\texttt{lazy}. The behavior of both \texttt{simpl} and \texttt{cbn} -can be tuned using the \texttt{Arguments} vernacular command as -follows: \comindex{Arguments} -\begin{itemize} -\item -A constant can be marked to be never unfolded by \texttt{cbn} or -\texttt{simpl}: -\begin{coq_example*} -Arguments minus n m : simpl never. -\end{coq_example*} -After that command an expression like \texttt{(minus (S x) y)} is left -untouched by the tactics \texttt{cbn} and \texttt{simpl}. -\item -A constant can be marked to be unfolded only if applied to enough arguments. -The number of arguments required can be specified using -the {\tt /} symbol in the arguments list of the {\tt Arguments} vernacular -command. -\begin{coq_example*} -Definition fcomp A B C f (g : A -> B) (x : A) : C := f (g x). -Notation "f \o g" := (fcomp f g) (at level 50). -Arguments fcomp {A B C} f g x /. -\end{coq_example*} -After that command the expression {\tt (f \verb+\+o g)} is left untouched by -{\tt simpl} while {\tt ((f \verb+\+o g) t)} is reduced to {\tt (f (g t))}. -The same mechanism can be used to make a constant volatile, i.e. always -unfolded. -\begin{coq_example*} -Definition volatile := fun x : nat => x. -Arguments volatile / x. -\end{coq_example*} -\item -A constant can be marked to be unfolded only if an entire set of arguments -evaluates to a constructor. The {\tt !} symbol can be used to mark such -arguments. -\begin{coq_example*} -Arguments minus !n !m. -\end{coq_example*} -After that command, the expression {\tt (minus (S x) y)} is left untouched by -{\tt simpl}, while {\tt (minus (S x) (S y))} is reduced to {\tt (minus x y)}. -\item -A special heuristic to determine if a constant has to be unfolded can be -activated with the following command: -\begin{coq_example*} -Arguments minus n m : simpl nomatch. -\end{coq_example*} -The heuristic avoids to perform a simplification step that would -expose a {\tt match} construct in head position. For example the -expression {\tt (minus (S (S x)) (S y))} is simplified to -{\tt (minus (S x) y)} even if an extra simplification is possible. -\end{itemize} - -In detail, the tactic \texttt{simpl} first applies -$\beta\iota$-reduction. Then, it expands transparent constants and -tries to reduce further using $\beta\iota$-reduction. But, when no -$\iota$ rule is applied after unfolding then $\delta$-reductions are -not applied. For instance trying to use \texttt{simpl} on -\texttt{(plus n O)=n} changes nothing. - -Notice that only transparent constants whose name can be reused in the -recursive calls are possibly unfolded by \texttt{simpl}. For instance -a constant defined by \texttt{plus' := plus} is possibly unfolded and -reused in the recursive calls, but a constant such as \texttt{succ := - plus (S O)} is never unfolded. This is the main difference between -\texttt{simpl} and \texttt{cbn}. The tactic \texttt{cbn} reduces -whenever it will be able to reuse it or not: \texttt{succ t} is -reduced to \texttt{S t}. - -\tacindex{simpl \dots\ in} -\begin{Variants} -\item {\tt cbn [\qualid$_1$\ldots\qualid$_k$]}\\ - {\tt cbn -[\qualid$_1$\ldots\qualid$_k$]} - - These are respectively synonyms of {\tt cbn beta delta - [\qualid$_1$\ldots\qualid$_k$] iota zeta} and {\tt cbn beta delta - -[\qualid$_1$\ldots\qualid$_k$] iota zeta} (see \ref{vmcompute}). - -\item {\tt simpl {\pattern}} - - This applies {\tt simpl} only to the subterms matching {\pattern} in the - current goal. - -\item {\tt simpl {\pattern} at \num$_1$ \dots\ \num$_i$} - - This applies {\tt simpl} only to the \num$_1$, \dots, \num$_i$ - occurrences of the subterms matching {\pattern} in the current goal. - - \ErrMsg {\tt Too few occurrences} - -\item {\tt simpl {\qualid}}\\ - {\tt simpl {\qstring}} - - This applies {\tt simpl} only to the applicative subterms whose head - occurrence is the unfoldable constant {\qualid} (the constant can be - referred to by its notation using {\qstring} if such a notation - exists). - -\item {\tt simpl {\qualid} at \num$_1$ \dots\ \num$_i$}\\ - {\tt simpl {\qstring} at \num$_1$ \dots\ \num$_i$}\\ - - This applies {\tt simpl} only to the \num$_1$, \dots, \num$_i$ - applicative subterms whose head occurrence is {\qualid} (or - {\qstring}). - -\end{Variants} - -\begin{quote} -\optindex{Refolding Reduction} -{\tt Refolding Reduction} -\end{quote} -\emph{Deprecated since 8.7} - -This option (off by default) controls the use of the refolding strategy -of {\tt cbn} while doing reductions in unification, type inference and -tactic applications. It can result in expensive unifications, as -refolding currently uses a potentially exponential heuristic. - -\begin{quote} - \optindex{Debug RAKAM} - {\tt Set Debug RAKAM} -\end{quote} -This option makes {\tt cbn} print various debugging information. -{\tt RAKAM} is the Refolding Algebraic Krivine Abstract Machine. - -\subsection{\tt unfold \qualid} -\tacindex{unfold} -\label{unfold} - -This tactic applies to any goal. The argument {\qualid} must denote a -defined transparent constant or local definition (see Sections~\ref{Basic-definitions} and~\ref{Transparent}). The tactic {\tt - unfold} applies the $\delta$ rule to each occurrence of the constant -to which {\qualid} refers in the current goal and then replaces it -with its $\beta\iota$-normal form. - -\begin{ErrMsgs} -\item {\qualid} \errindex{does not denote an evaluable constant} - -\end{ErrMsgs} - -\begin{Variants} -\item {\tt unfold {\qualid} in {\ident}} - \tacindex{unfold \dots in} - - Replaces {\qualid} in hypothesis {\ident} with its definition - and replaces the hypothesis with its $\beta\iota$ normal form. - -\item {\tt unfold {\qualid}$_1$, \dots, \qualid$_n$} - - Replaces {\em simultaneously} {\qualid}$_1$, \dots, {\qualid}$_n$ - with their definitions and replaces the current goal with its - $\beta\iota$ normal form. - -\item {\tt unfold {\qualid}$_1$ at \num$_1^1$, \dots, \num$_i^1$, -\dots,\ \qualid$_n$ at \num$_1^n$ \dots\ \num$_j^n$} - - The lists \num$_1^1$, \dots, \num$_i^1$ and \num$_1^n$, \dots, - \num$_j^n$ specify the occurrences of {\qualid}$_1$, \dots, - \qualid$_n$ to be unfolded. Occurrences are located from left to - right. - - \ErrMsg {\tt bad occurrence number of {\qualid}$_i$} - - \ErrMsg {\qualid}$_i$ {\tt does not occur} - -\item {\tt unfold {\qstring}} - - If {\qstring} denotes the discriminating symbol of a notation (e.g. {\tt - "+"}) or an expression defining a notation (e.g. \verb!"_ + _"!), and - this notation refers to an unfoldable constant, then the tactic - unfolds it. - -\item {\tt unfold {\qstring}\%{\delimkey}} - - This is variant of {\tt unfold {\qstring}} where {\qstring} gets its - interpretation from the scope bound to the delimiting key - {\delimkey} instead of its default interpretation (see - Section~\ref{scopechange}). - -\item {\tt unfold \qualidorstring$_1$ at \num$_1^1$, \dots, \num$_i^1$, -\dots,\ \qualidorstring$_n$ at \num$_1^n$ \dots\ \num$_j^n$} - - This is the most general form, where {\qualidorstring} is either a - {\qualid} or a {\qstring} referring to a notation. - -\end{Variants} - -\subsection{\tt fold \term} -\tacindex{fold} - -This tactic applies to any goal. The term \term\ is reduced using the {\tt red} -tactic. Every occurrence of the resulting term in the goal is then -replaced by \term. - -\begin{Variants} -\item {\tt fold} \term$_1$ \dots\ \term$_n$ - - Equivalent to {\tt fold} \term$_1${\tt;}\ldots{\tt; fold} \term$_n$. -\end{Variants} - -\subsection{\tt pattern \term} -\tacindex{pattern} -\label{pattern} - -This command applies to any goal. The argument {\term} must be a free -subterm of the current goal. The command {\tt pattern} performs -$\beta$-expansion (the inverse of $\bt$-reduction) of the current goal -(say \T) by -\begin{enumerate} -\item replacing all occurrences of {\term} in {\T} with a fresh variable -\item abstracting this variable -\item applying the abstracted goal to {\term} -\end{enumerate} - -For instance, if the current goal $T$ is expressible has $\phi(t)$ -where the notation captures all the instances of $t$ in $\phi(t)$, -then {\tt pattern $t$} transforms it into {\tt (fun x:$A$ => $\phi(${\tt -x}$)$) $t$}. This command can be used, for instance, when the tactic -{\tt apply} fails on matching. - -\begin{Variants} -\item {\tt pattern {\term} at {\num$_1$} \dots\ {\num$_n$}} - - Only the occurrences {\num$_1$} \dots\ {\num$_n$} of {\term} are - considered for $\beta$-expansion. Occurrences are located from left - to right. - -\item {\tt pattern {\term} at - {\num$_1$} \dots\ {\num$_n$}} - - All occurrences except the occurrences of indexes {\num$_1$} \dots\ - {\num$_n$} of {\term} are considered for - $\beta$-expansion. Occurrences are located from left to right. - -\item {\tt pattern {\term$_1$}, \dots, {\term$_m$}} - - Starting from a goal $\phi(t_1 \dots\ t_m)$, the tactic - {\tt pattern $t_1$, \dots,\ $t_m$} generates the equivalent goal {\tt - (fun (x$_1$:$A_1$) \dots\ (x$_m$:$A_m$) => $\phi(${\tt x$_1$\dots\ - x$_m$}$)$) $t_1$ \dots\ $t_m$}. If $t_i$ occurs in one of the - generated types $A_j$ these occurrences will also be considered and - possibly abstracted. - -\item {\tt pattern {\term$_1$} at {\num$_1^1$} \dots\ {\num$_{n_1}^1$}, \dots, - {\term$_m$} at {\num$_1^m$} \dots\ {\num$_{n_m}^m$}} - - This behaves as above but processing only the occurrences \num$_1^1$, - \dots, \num$_i^1$ of \term$_1$, \dots, \num$_1^m$, \dots, \num$_j^m$ - of \term$_m$ starting from \term$_m$. - -\item {\tt pattern} {\term$_1$} \zeroone{{\tt at \zeroone{-}} {\num$_1^1$} \dots\ {\num$_{n_1}^1$}} {\tt ,} \dots {\tt ,} - {\term$_m$} \zeroone{{\tt at \zeroone{-}} {\num$_1^m$} \dots\ {\num$_{n_m}^m$}} - - This is the most general syntax that combines the different variants. - -\end{Variants} - -\subsection{Conversion tactics applied to hypotheses} - -{\convtactic} {\tt in} \ident$_1$ \dots\ \ident$_n$ - -Applies the conversion tactic {\convtactic} to the -hypotheses \ident$_1$, \ldots, \ident$_n$. The tactic {\convtactic} is -any of the conversion tactics listed in this section. - -If \ident$_i$ is a local definition, then \ident$_i$ can be replaced -by (Type of \ident$_i$) to address not the body but the type of the -local definition. Example: {\tt unfold not in (Type of H1) (Type of H3).} - -\begin{ErrMsgs} -\item \errindex{No such hypothesis} : {\ident}. -\end{ErrMsgs} - - -\section{Automation} -\subsection{\tt auto} -\label{auto} -\tacindex{auto} - -This tactic implements a Prolog-like resolution procedure to solve the -current goal. It first tries to solve the goal using the {\tt - assumption} tactic, then it reduces the goal to an atomic one using -{\tt intros} and introduces the newly generated hypotheses as hints. -Then it looks at the list of tactics associated to the head symbol of -the goal and tries to apply one of them (starting from the tactics -with lower cost). This process is recursively applied to the generated -subgoals. - -By default, \texttt{auto} only uses the hypotheses of the current goal and the -hints of the database named {\tt core}. - -\begin{Variants} - -\item {\tt auto \num} - - Forces the search depth to be \num. The maximal search depth is 5 by - default. - -\item {\tt auto with \ident$_1$ \dots\ \ident$_n$} - - Uses the hint databases $\ident_1$ \dots\ $\ident_n$ in addition to - the database {\tt core}. See Section~\ref{Hints-databases} for the - list of pre-defined databases and the way to create or extend a - database. - -\item {\tt auto with *} - - Uses all existing hint databases. See Section~\ref{Hints-databases} - -\item \texttt{auto using} \nterm{lemma}$_1$ {\tt ,} {\ldots} {\tt ,} \nterm{lemma}$_n$ - - Uses \nterm{lemma}$_1$, \ldots, \nterm{lemma}$_n$ in addition to - hints (can be combined with the \texttt{with \ident} option). If - $lemma_i$ is an inductive type, it is the collection of its - constructors which is added as hints. - -\item {\tt info\_auto} - - Behaves like {\tt auto} but shows the tactics it uses to solve the goal. - This variant is very useful for getting a better understanding of automation, - or to know what lemmas/assumptions were used. - -\item {\tt debug auto} Behaves like {\tt auto} but shows the tactics - it tries to solve the goal, including failing paths. - -\item {\tt \zeroone{info\_}auto \zeroone{\num}} \zeroone{{\tt using} \nterm{lemma}$_1$ - {\tt ,} {\ldots} {\tt ,} \nterm{lemma}$_n$} \zeroone{{\tt with} - \ident$_1$ {\ldots} \ident$_n$} - - This is the most general form, combining the various options. - -\item {\tt trivial}\tacindex{trivial} - - This tactic is a restriction of {\tt auto} that is not recursive and - tries only hints that cost 0. Typically it solves trivial - equalities like $X=X$. - -\item \texttt{trivial with \ident$_1$ \dots\ \ident$_n$} - -\item \texttt{trivial with *} - -\item \texttt{trivial using} \nterm{lemma}$_1$ {\tt ,} {\ldots} {\tt ,} \nterm{lemma}$_n$ - -\item {\tt info\_trivial} - -\item {\tt debug trivial} - -\item {\tt \zeroone{info\_}trivial} \zeroone{{\tt using} \nterm{lemma}$_1$ - {\tt ,} {\ldots} {\tt ,} \nterm{lemma}$_n$} \zeroone{{\tt with} - \ident$_1$ {\ldots} \ident$_n$} - -\end{Variants} - -\Rem {\tt auto} either solves completely the goal or else leaves it -intact. \texttt{auto} and \texttt{trivial} never fail. - -\Rem The following options enable printing of informative or debug -information for the {\tt auto} and {\tt trivial} tactics: -\begin{quote} - \optindex{Info Auto} - {\tt Set Info Auto} - \optindex{Debug Auto} - {\tt Set Debug Auto} - \optindex{Info Trivial} - {\tt Set Info Trivial} - \optindex{Debug Trivial} - {\tt Set Debug Trivial} -\end{quote} - -\SeeAlso Section~\ref{Hints-databases} - -\subsection{\tt eauto} -\tacindex{eauto} -\label{eauto} - -This tactic generalizes {\tt auto}. While {\tt auto} does not try -resolution hints which would leave existential variables in the goal, -{\tt eauto} does try them (informally speaking, it uses -{\tt simple eapply} where {\tt auto} uses {\tt simple apply}). -As a consequence, {\tt eauto} can solve such a goal: - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example} -Hint Resolve ex_intro. -Goal forall P:nat -> Prop, P 0 -> exists n, P n. -eauto. -\end{coq_example} -\begin{coq_eval} -Abort. -\end{coq_eval} - -Note that {\tt ex\_intro} should be declared as a hint. - -\begin{Variants} - -\item {\tt \zeroone{info\_}eauto \zeroone{\num}} \zeroone{{\tt using} \nterm{lemma}$_1$ - {\tt ,} {\ldots} {\tt ,} \nterm{lemma}$_n$} \zeroone{{\tt with} - \ident$_1$ {\ldots} \ident$_n$} - - The various options for eauto are the same as for auto. - -\end{Variants} - -\Rem {\tt eauto} obeys the following options: -\begin{quote} - \optindex{Info Eauto} - {\tt Set Info Eauto} - \optindex{Debug Eauto} - {\tt Set Debug Eauto} -\end{quote} - -\SeeAlso Section~\ref{Hints-databases} - -\subsection{\tt autounfold with \ident$_1$ \mbox{\dots} \ident$_n$} -\tacindex{autounfold} -\label{autounfold} - -This tactic unfolds constants that were declared through a {\tt Hint - Unfold} in the given databases. - -\begin{Variants} -\item {\tt autounfold with \ident$_1$ \dots\ \ident$_n$ in \nterm{clause}} - - Performs the unfolding in the given clause. - -\item {\tt autounfold with *} - - Uses the unfold hints declared in all the hint databases. -\end{Variants} - - -\subsection{\tt autorewrite with \ident$_1$ \mbox{\dots} \ident$_n$} -\label{tactic:autorewrite} -\tacindex{autorewrite} - -This tactic \footnote{The behavior of this tactic has much changed compared to -the versions available in the previous distributions (V6). This may cause -significant changes in your theories to obtain the same result. As a drawback -of the re-engineering of the code, this tactic has also been completely revised -to get a very compact and readable version.} carries out rewritings according -the rewriting rule bases {\tt \ident$_1$ \dots \ident$_n$}. - -Each rewriting rule of a base \ident$_i$ is applied to the main subgoal until -it fails. Once all the rules have been processed, if the main subgoal has -progressed (e.g., if it is distinct from the initial main goal) then the rules -of this base are processed again. If the main subgoal has not progressed then -the next base is processed. For the bases, the behavior is exactly similar to -the processing of the rewriting rules. - -The rewriting rule bases are built with the {\tt Hint~Rewrite} vernacular -command. - -\Warning{} This tactic may loop if you build non terminating rewriting systems. - -\begin{Variant} -\item {\tt autorewrite with \ident$_1$ \mbox{\dots} \ident$_n$ using \tac} - -Performs, in the same way, all the rewritings of the bases {\tt \ident$_1$ -\mbox{\dots} \ident$_n$} applying {\tt \tac} to the main subgoal after each -rewriting step. - -\item {\tt autorewrite with \ident$_1$ \mbox{\dots} \ident$_n$ in \qualid} - - Performs all the rewritings in hypothesis {\qualid}. -\item {\tt autorewrite with \ident$_1$ \mbox{\dots} \ident$_n$ in {\qualid} using \tac} - - Performs all the rewritings in hypothesis {\qualid} applying {\tt - \tac} to the main subgoal after each rewriting step. - -\item {\tt autorewrite with \ident$_1$ \mbox{\dots} \ident$_n$ in \nterm{clause}} - - Performs all the rewriting in the clause \nterm{clause}. - The \nterm{clause} argument must not contain any \texttt{type of} nor \texttt{value of}. - -\end{Variant} - -\SeeAlso Section~\ref{HintRewrite} for feeding the database of lemmas used by {\tt autorewrite}. - -\SeeAlso Section~\ref{autorewrite-example} for examples showing the use of -this tactic. - -% En attente d'un moyen de valoriser les fichiers de demos -%\SeeAlso file \texttt{contrib/Rocq/DEMOS/Demo\_AutoRewrite.v} - -\subsection{\tt easy} -\tacindex{easy} -\label{easy} - -This tactic tries to solve the current goal by a number of standard closing steps. -In particular, it tries to close the current goal using the closing tactics -{\tt trivial}, reflexivity, symmetry, contradiction and inversion of hypothesis. -If this fails, it tries introducing variables and splitting and-hypotheses, -using the closing tactics afterwards, and splitting the goal using {\tt split} and recursing. - -This tactic solves goals that belong to many common classes; in particular, many cases of -unsatisfiable hypotheses, and simple equality goals are usually solved by this tactic. - -\begin{Variant} -\item {\tt now \tac} - \tacindex{now} - - Run \tac\/ followed by easy. This is a notation for {\tt \tac; easy}. -\end{Variant} - -\section{Controlling automation} - -\subsection{The hints databases for {\tt auto} and {\tt eauto}} -\index{Hints databases} -\label{Hints-databases} -\comindex{Hint} - -The hints for \texttt{auto} and \texttt{eauto} are stored in -databases. Each database maps head symbols to a list of hints. One can -use the command \texttt{Print Hint \ident} to display the hints -associated to the head symbol \ident{} (see \ref{PrintHint}). Each -hint has a cost that is a nonnegative integer, and an optional pattern. -The hints with lower cost are tried first. A hint is tried by -\texttt{auto} when the conclusion of the current goal -matches its pattern or when it has no pattern. - -\subsubsection*{Creating Hint databases - \label{CreateHintDb}\comindex{CreateHintDb}} - -One can optionally declare a hint database using the command -\texttt{Create HintDb}. If a hint is added to an unknown database, it -will be automatically created. - -\medskip -\texttt{Create HintDb} {\ident} [\texttt{discriminated}] -\medskip - -This command creates a new database named \ident. -The database is implemented by a Discrimination Tree (DT) that serves as -an index of all the lemmas. The DT can use transparency information to decide -if a constant should be indexed or not (c.f. \ref{HintTransparency}), -making the retrieval more efficient. -The legacy implementation (the default one for new databases) uses the -DT only on goals without existentials (i.e., auto goals), for non-Immediate -hints and do not make use of transparency hints, putting more work on the -unification that is run after retrieval (it keeps a list of the lemmas -in case the DT is not used). The new implementation enabled by -the {\tt discriminated} option makes use of DTs in all cases and takes -transparency information into account. However, the order in which hints -are retrieved from the DT may differ from the order in which they were -inserted, making this implementation observationally different from the -legacy one. - -The general -command to add a hint to some databases \ident$_1$, \dots, \ident$_n$ is -\begin{tabbing} - {\tt Hint {\hintdef} :~\ident$_1$ \mbox{\dots} \ident$_n$} -\end{tabbing} - -\begin{Variants} -\item {\tt Hint \hintdef} - - No database name is given: the hint is registered in the {\tt core} - database. - -\item {\tt Local Hint {\hintdef} :~\ident$_1$ \mbox{\dots} \ident$_n$} - - This is used to declare hints that must not be exported to the other - modules that require and import the current module. Inside a - section, the option {\tt Local} is useless since hints do not - survive anyway to the closure of sections. - -\item {\tt Local Hint \hintdef} - - Idem for the {\tt core} database. - -\end{Variants} - -The {\hintdef} is one of the following expressions: - -\begin{itemize} -\item {\tt Resolve \term {\zeroone{{\tt |} \zeroone{\num} \zeroone{\pattern}}}} - \comindex{Hint Resolve} - - This command adds {\tt simple apply {\term}} to the hint list - with the head symbol of the type of \term. The cost of that hint is - the number of subgoals generated by {\tt simple apply {\term}} or \num - if specified. The associated pattern is inferred from the conclusion - of the type of \term or the given \pattern if specified. -%{\tt auto} actually uses a slightly modified variant of {\tt simple apply} with use_metas_eagerly_in_conv_on_closed_terms set to false - - In case the inferred type of \term\ does not start with a product - the tactic added in the hint list is {\tt exact {\term}}. -% Actually, a slightly restricted version is used (no conversion on the head symbol) - In case - this type can however be reduced to a type starting with a product, - the tactic {\tt simple apply {\term}} is also stored in the hints list. - - If the inferred type of \term\ contains a dependent quantification - on a variable which occurs only in the premisses of the type and not - in its conclusion, no instance could be inferred for the variable by - unification with the goal. In this case, the hint is added to the - hint list of {\tt eauto} (see \ref{eauto}) instead of the hint list - of {\tt auto} and a warning is printed. A typical example of a hint - that is used only by \texttt{eauto} is a transitivity lemma. - - \begin{ErrMsgs} -%% \item \errindex{Bound head variable} - - \item \term\ \errindex{cannot be used as a hint} - - The head symbol of the type of {\term} is a bound variable such - that this tactic cannot be associated to a constant. - - %% The type of {\term} contains products over variables that do not - %% appear in the conclusion. A typical example is a transitivity axiom. - %% In that case the {\tt simple apply} tactic fails, and thus is useless. - - \end{ErrMsgs} - - \begin{Variants} - - \item {\tt Resolve \term$_1$ \mbox{\dots} \term$_m$} - - Adds each \texttt{Resolve} {\term$_i$}. - - \item {\tt Resolve -> \term} - - Adds the left-to-right implication of an equivalence as a hint - (informally the hint will be used as {\tt apply <- \term}, - although as mentionned before, the tactic actually used is - a restricted version of apply). - - \item {\tt Resolve <- \term} - - Adds the right-to-left implication of an equivalence as a hint. - - \end{Variants} - -\item \texttt{Immediate {\term}} -\comindex{Hint Immediate} - - This command adds {\tt simple apply {\term}; trivial} to the hint list - associated with the head symbol of the type of {\ident} in the given - database. This tactic will fail if all the subgoals generated by - {\tt simple apply {\term}} are not solved immediately by the {\tt trivial} - tactic (which only tries tactics with cost $0$). - - This command is useful for theorems such as the symmetry of equality - or $n+1=m+1 \to n=m$ that we may like to introduce with a - limited use in order to avoid useless proof-search. - - The cost of this tactic (which never generates subgoals) is always 1, - so that it is not used by {\tt trivial} itself. - - \begin{ErrMsgs} - -%% \item \errindex{Bound head variable} - - \item \term\ \errindex{cannot be used as a hint} - - \end{ErrMsgs} - - \begin{Variants} - - \item {\tt Immediate \term$_1$ \mbox{\dots} \term$_m$} - - Adds each \texttt{Immediate} {\term$_i$}. - - \end{Variants} - -\item \texttt{Constructors} {\ident} -\comindex{Hint Constructors} - - If {\ident} is an inductive type, this command adds all its - constructors as hints of type \texttt{Resolve}. Then, when the - conclusion of current goal has the form \texttt{({\ident} \dots)}, - \texttt{auto} will try to apply each constructor. - - \begin{ErrMsgs} - - \item {\ident} \errindex{is not an inductive type} - -% No need to have this message here, is is generic to all commands -% referring to globals -%% \item {\ident} \errindex{not declared} - - \end{ErrMsgs} - - \begin{Variants} - - \item {\tt Constructors \ident$_1$ \mbox{\dots} \ident$_m$} - - Adds each \texttt{Constructors} {\ident$_i$}. - - \end{Variants} - -\item \texttt{Unfold} {\qualid} -\comindex{Hint Unfold} - - This adds the tactic {\tt unfold {\qualid}} to the hint list that - will only be used when the head constant of the goal is \ident. Its - cost is 4. - - \begin{Variants} - - \item {\tt Unfold \ident$_1$ \mbox{\dots} \ident$_m$} - - Adds each \texttt{Unfold} {\ident$_i$}. - - \end{Variants} - -\item \texttt{Transparent}, \texttt{Opaque} {\qualid} -\label{HintTransparency} -\comindex{Hint Transparent} -\comindex{Hint Opaque} - - This adds a transparency hint to the database, making {\tt {\qualid}} - a transparent or opaque constant during resolution. This information - is used during unification of the goal with any lemma in the database - and inside the discrimination network to relax or constrain it in the - case of \texttt{discriminated} databases. - - \begin{Variants} - - \item \texttt{Transparent}, \texttt{Opaque} {\ident$_1$} \mbox{\dots} {\ident$_m$} - - Declares each {\ident$_i$} as a transparent or opaque constant. - - \end{Variants} - -\item \texttt{Extern \num\ [\pattern]\ => }\textsl{tactic} -\comindex{Hint Extern} - - This hint type is to extend \texttt{auto} with tactics other than - \texttt{apply} and \texttt{unfold}. For that, we must specify a - cost, an optional pattern and a tactic to execute. Here is an example: - -\begin{quotation} -\begin{verbatim} -Hint Extern 4 (~(_ = _)) => discriminate. -\end{verbatim} -\end{quotation} - - Now, when the head of the goal is a disequality, \texttt{auto} will - try \texttt{discriminate} if it does not manage to solve the goal - with hints with a cost less than 4. - - One can even use some sub-patterns of the pattern in the tactic - script. A sub-pattern is a question mark followed by an identifier, like - \texttt{?X1} or \texttt{?X2}. Here is an example: - -% Require EqDecide. -\begin{coq_example*} -Require Import List. -\end{coq_example*} -\begin{coq_example} -Hint Extern 5 ({?X1 = ?X2} + {?X1 <> ?X2}) => - generalize X1, X2; decide equality : eqdec. -Goal -forall a b:list (nat * nat), {a = b} + {a <> b}. -Info 1 auto with eqdec. -\end{coq_example} -\begin{coq_eval} -Abort. -\end{coq_eval} - -\item \texttt{Cut} {\textit{regexp}} -\label{HintCut} -\comindex{Hint Cut} - - \textit{Warning:} these hints currently only apply to typeclass proof search and - the \texttt{typeclasses eauto} tactic (\ref{typeclasseseauto}). - - This command can be used to cut the proof-search tree according to a - regular expression matching paths to be cut. The grammar for regular - expressions is the following. Beware, there is no operator precedence - during parsing, one can check with \texttt{Print HintDb} to verify the - current cut expression: -\[\begin{array}{lcll} - e & ::= & \ident & \text{ hint or instance identifier } \\ - & & \texttt{\_} & \text{ any hint } \\ - & & e | e' & \text{ disjunction } \\ - & & e e' & \text{ sequence } \\ - & & e * & \text{ Kleene star } \\ - & & \texttt{emp} & \text{ empty } \\ - & & \texttt{eps} & \text{ epsilon } \\ - & & \texttt{(} e \texttt{)} & -\end{array}\] - -The \texttt{emp} regexp does not match any search path while -\texttt{eps} matches the empty path. During proof search, the path of -successive successful hints on a search branch is recorded, as a list of -identifiers for the hints (note \texttt{Hint Extern}'s do not have an -associated identifier). Before applying any hint $\ident$ the current -path $p$ extended with $\ident$ is matched against the current cut -expression $c$ associated to the hint database. If matching succeeds, -the hint is \emph{not} applied. The semantics of \texttt{Hint Cut} $e$ -is to set the cut expression to $c | e$, the initial cut expression -being \texttt{emp}. - - -\item \texttt{Mode} {\qualid} {\tt (+ | ! | -)}$^*$ -\label{HintMode} -\comindex{Hint Mode} - -This sets an optional mode of use of the identifier {\qualid}. When -proof-search faces a goal that ends in an application of {\qualid} to -arguments {\tt \term$_1$ \mbox{\dots} \term$_n$}, the mode tells if the -hints associated to qualid can be applied or not. A mode specification -is a list of $n$ {\tt +}, {\tt !} or {\tt -} items that specify if an -argument of the identifier is to be treated as an input ({\tt +}), if -its head only is an input ({\tt !}) or an output ({\tt -}) of the -identifier. For a mode to match a list of arguments, input terms and -input heads \emph{must not} contain existential variables or be -existential variables respectively, while outputs can be any -term. Multiple modes can be declared for a single identifier, in that -case only one mode needs to match the arguments for the hints to be -applied. - -The head of a term is understood here as the applicative head, or the -match or projection scrutinee's head, recursively, casts being ignored. - -{\tt Hint Mode} is especially useful for typeclasses, when one does not -want to support default instances and avoid ambiguity in -general. Setting a parameter of a class as an input forces proof-search -to be driven by that index of the class, with {\tt !} giving more -flexibility by allowing existentials to still appear deeper in the index -but not at its head. - -\end{itemize} - -\Rem One can use an \texttt{Extern} hint with no pattern to do -pattern-matching on hypotheses using \texttt{match goal with} inside -the tactic. - -% There are shortcuts that allow to define several goal at once: - -% \begin{itemize} -% \item \comindex{Hints Resolve}\texttt{Hints Resolve \ident$_1$ \dots\ \ident$_n$ : \ident.}\\ -% This command is a shortcut for the following ones: -% \begin{quotation} -% \noindent\texttt{Hint \ident$_1$ : \ident\ := Resolve \ident$_1$}\\ -% \dots\\ -% \texttt{Hint \ident$_1$ : \ident := Resolve \ident$_1$} -% \end{quotation} -% Notice that the hint name is the same that the theorem given as -% hint. -% \item \comindex{Hints Immediate}\texttt{Hints Immediate \ident$_1$ \dots\ \ident$_n$ : \ident.}\\ -% \item \comindex{Hints Unfold}\texttt{Hints Unfold \qualid$_1$ \dots\ \qualid$_n$ : \ident.}\\ -% \end{itemize} - -%\begin{Warnings} -% \item \texttt{Overriding hint named \dots\ in database \dots} -%\end{Warnings} - - - -\subsection{Hint databases defined in the \Coq\ standard library} - -Several hint databases are defined in the \Coq\ standard library. The -actual content of a database is the collection of the hints declared -to belong to this database in each of the various modules currently -loaded. Especially, requiring new modules potentially extend a -database. At {\Coq} startup, only the {\tt core} database is non empty -and can be used. - -\begin{description} - -\item[\tt core] This special database is automatically used by - \texttt{auto}, except when pseudo-database \texttt{nocore} is - given to \texttt{auto}. The \texttt{core} database contains - only basic lemmas about negation, - conjunction, and so on from. Most of the hints in this database come - from the \texttt{Init} and \texttt{Logic} directories. - -\item[\tt arith] This database contains all lemmas about Peano's - arithmetic proved in the directories \texttt{Init} and - \texttt{Arith} - -\item[\tt zarith] contains lemmas about binary signed integers from - the directories \texttt{theories/ZArith}. When required, the module - {\tt Omega} also extends the database {\tt zarith} with a high-cost - hint that calls {\tt omega} on equations and inequalities in {\tt - nat} or {\tt Z}. - -\item[\tt bool] contains lemmas about booleans, mostly from directory - \texttt{theories/Bool}. - -\item[\tt datatypes] is for lemmas about lists, streams and so on that - are mainly proved in the \texttt{Lists} subdirectory. - -\item[\tt sets] contains lemmas about sets and relations from the - directories \texttt{Sets} and \texttt{Relations}. - -\item[\tt typeclass\_instances] contains all the type class instances - declared in the environment, including those used for \texttt{setoid\_rewrite}, - from the \texttt{Classes} directory. -\end{description} - -You are advised not to put your own hints in the {\tt core} database, -but use one or several databases specific to your development. - -\subsection{\tt Remove Hints \term$_1$ \mbox{\dots} \term$_n$ :~ \ident$_1$ - \mbox{\dots} \ident$_m$} -\label{RemoveHints} -\comindex{Remove Hints} - -This command removes the hints associated to terms \term$_1$ \mbox{\dots} -\term$_n$ in databases \ident$_1$ \mbox{\dots} \ident$_m$. - -\subsection{\tt Print Hint} -\label{PrintHint} -\comindex{Print Hint} - -This command displays all hints that apply to the current goal. It -fails if no proof is being edited, while the two variants can be used at -every moment. - -\begin{Variants} - -\item {\tt Print Hint \ident} - - This command displays only tactics associated with \ident\ in the - hints list. This is independent of the goal being edited, so this - command will not fail if no goal is being edited. - -\item {\tt Print Hint *} - - This command displays all declared hints. - -\item {\tt Print HintDb \ident} -\label{PrintHintDb} -\comindex{Print HintDb} - - This command displays all hints from database \ident. - -\end{Variants} - -\subsection{\tt Hint Rewrite \term$_1$ \mbox{\dots} \term$_n$ :~ \ident$_1$ \mbox{\dots} \ident$_m$} -\label{HintRewrite} -\comindex{Hint Rewrite} - -This vernacular command adds the terms {\tt \term$_1$ \mbox{\dots} \term$_n$} -(their types must be equalities) in the rewriting bases \ident$_1$, \dots, \ident$_m$ -with the default orientation (left to right). Notice that the -rewriting bases are distinct from the {\tt auto} hint bases and that -{\tt auto} does not take them into account. - -This command is synchronous with the section mechanism (see \ref{Section}): -when closing a section, all aliases created by \texttt{Hint Rewrite} in that -section are lost. Conversely, when loading a module, all \texttt{Hint Rewrite} -declarations at the global level of that module are loaded. - -\begin{Variants} -\item {\tt Hint Rewrite -> \term$_1$ \mbox{\dots} \term$_n$ :~\ident$_1$ \mbox{\dots} \ident$_m$} - -This is strictly equivalent to the command above (we only make explicit the -orientation which otherwise defaults to {\tt ->}). - -\item {\tt Hint Rewrite <- \term$_1$ \mbox{\dots} \term$_n$ :~\ident$_1$ \mbox{\dots} \ident$_m$} - -Adds the rewriting rules {\tt \term$_1$ \mbox{\dots} \term$_n$} with a right-to-left -orientation in the bases \ident$_1$, \dots, \ident$_m$. - -\item {\tt Hint Rewrite \term$_1$ \mbox{\dots} \term$_n$ using {\tac} :~\ident$_1$ \mbox{\dots} \ident$_m$} - -When the rewriting rules {\tt \term$_1$ \mbox{\dots} \term$_n$} in \ident$_1$, \dots, \ident$_m$ will -be used, the tactic {\tt \tac} will be applied to the generated subgoals, the -main subgoal excluded. - -%% \item -%% {\tt Hint Rewrite [ \term$_1$ \dots \term$_n$ ] in \ident}\\ -%% {\tt Hint Rewrite [ \term$_1$ \dots \term$_n$ ] in {\ident} using {\tac}}\\ -%% These are deprecated syntactic variants for -%% {\tt Hint Rewrite \term$_1$ \dots \term$_n$ : \ident} and -%% {\tt Hint Rewrite \term$_1$ \dots \term$_n$ using {\tac} : {\ident}}. - -\item \texttt{Print Rewrite HintDb {\ident}} - - This command displays all rewrite hints contained in {\ident}. - -\end{Variants} - -\subsection{Hint locality -\label{Hint-Locality}} -\optindex{Loose Hint Behavior} - -Hints provided by the \texttt{Hint} commands are erased when closing a -section. Conversely, all hints of a module \texttt{A} that are not -defined inside a section (and not defined with option {\tt Local}) become -available when the module {\tt A} is imported (using -e.g. \texttt{Require Import A.}). - -As of today, hints only have a binary behavior regarding locality, as described -above: either they disappear at the end of a section scope, or they remain -global forever. This causes a scalability issue, because hints coming from an -unrelated part of the code may badly influence another development. It can be -mitigated to some extent thanks to the {\tt Remove Hints} command -(see ~\ref{RemoveHints}), but this is a mere workaround and has some -limitations (for instance, external hints cannot be removed). - -A proper way to fix this issue is to bind the hints to their module scope, as -for most of the other objects Coq uses. Hints should only made available when -the module they are defined in is imported, not just required. It is very -difficult to change the historical behavior, as it would break a lot of scripts. -We propose a smooth transitional path by providing the {\tt Loose Hint Behavior} -option which accepts three flags allowing for a fine-grained handling of -non-imported hints. - -\begin{Variants} - -\item {\tt Set Loose Hint Behavior "Lax"} - - This is the default, and corresponds to the historical behavior, that is, - hints defined outside of a section have a global scope. - -\item {\tt Set Loose Hint Behavior "Warn"} - - When set, it outputs a warning when a non-imported hint is used. Note that - this is an over-approximation, because a hint may be triggered by a run that - will eventually fail and backtrack, resulting in the hint not being actually - useful for the proof. - -\item {\tt Set Loose Hint Behavior "Strict"} - - When set, it changes the behavior of an unloaded hint to a immediate fail - tactic, allowing to emulate an import-scoped hint mechanism. - -\end{Variants} - -\subsection{Setting implicit automation tactics} - -\subsubsection{\tt Proof with {\tac}} -\label{ProofWith} -\comindex{Proof with} - - This command may be used to start a proof. It defines a default - tactic to be used each time a tactic command {\tac$_1$} is ended by - ``\verb#...#''. In this case the tactic command typed by the user is - equivalent to \tac$_1$;{\tac}. - -\SeeAlso {\tt Proof.} in Section~\ref{BeginProof}. - -\begin{Variants} - -\item {\tt Proof with {\tac} using \ident$_1$ \mbox{\dots} \ident$_n$} - - Combines in a single line {\tt Proof with} and {\tt Proof using}, - see~\ref{ProofUsing} - -\item {\tt Proof using \ident$_1$ \mbox{\dots} \ident$_n$ with {\tac}} - - Combines in a single line {\tt Proof with} and {\tt Proof using}, - see~\ref{ProofUsing} - -\end{Variants} - -\subsubsection{\tt Declare Implicit Tactic {\tac}}\label{DeclareImplicit} -\comindex{Declare Implicit Tactic} - -This command declares a tactic to be used to solve implicit arguments -that {\Coq} does not know how to solve by unification. It is used -every time the term argument of a tactic has one of its holes not -fully resolved. - -Here is an example: - -\begin{coq_example} -Parameter quo : nat -> forall n:nat, n<>0 -> nat. -Notation "x // y" := (quo x y _) (at level 40). - -Declare Implicit Tactic assumption. -Goal forall n m, m<>0 -> { q:nat & { r | q * m + r = n } }. -intros. -exists (n // m). -\end{coq_example} -\begin{coq_eval} -Clear Implicit Tactic. -Reset Initial. -\end{coq_eval} - -The tactic {\tt exists (n // m)} did not fail. The hole was solved by -{\tt assumption} so that it behaved as {\tt exists (quo n m H)}. - -\section{Decision procedures} - -\subsection{\tt tauto} -\tacindex{tauto} -\tacindex{dtauto} -\label{tauto} - -This tactic implements a decision procedure for intuitionistic propositional -calculus based on the contraction-free sequent calculi LJT* of Roy Dyckhoff -\cite{Dyc92}. Note that {\tt tauto} succeeds on any instance of an -intuitionistic tautological proposition. {\tt tauto} unfolds negations -and logical equivalence but does not unfold any other definition. - -The following goal can be proved by {\tt tauto} whereas {\tt auto} -would fail: - -\begin{coq_example} -Goal forall (x:nat) (P:nat -> Prop), x = 0 \/ P x -> x <> 0 -> P x. - intros. - tauto. -\end{coq_example} -\begin{coq_eval} -Abort. -\end{coq_eval} - -Moreover, if it has nothing else to do, {\tt tauto} performs -introductions. Therefore, the use of {\tt intros} in the previous -proof is unnecessary. {\tt tauto} can for instance prove the -following: -\begin{coq_example} -(* auto would fail *) -Goal forall (A:Prop) (P:nat -> Prop), - A \/ (forall x:nat, ~ A -> P x) -> forall x:nat, ~ A -> P x. - - tauto. -\end{coq_example} -\begin{coq_eval} -Abort. -\end{coq_eval} - -\Rem In contrast, {\tt tauto} cannot solve the following goal - -\begin{coq_example*} -Goal forall (A:Prop) (P:nat -> Prop), - A \/ (forall x:nat, ~ A -> P x) -> forall x:nat, ~ ~ (A \/ P x). -\end{coq_example*} -\begin{coq_eval} -Abort. -\end{coq_eval} - -because \verb=(forall x:nat, ~ A -> P x)= cannot be treated as atomic and an -instantiation of \verb=x= is necessary. - -\begin{Variants} - -\item {\tt dtauto} - - While {\tt tauto} recognizes inductively defined connectives - isomorphic to the standard connective {\tt and}, {\tt prod}, {\tt - or}, {\tt sum}, {\tt False}, {\tt Empty\_set}, {\tt unit}, {\tt - True}, {\tt dtauto} recognizes also all inductive types with - one constructors and no indices, i.e. record-style connectives. - -\end{Variants} - -\subsection{\tt intuition \tac} -\tacindex{intuition} -\tacindex{dintuition} -\label{intuition} - -The tactic \texttt{intuition} takes advantage of the search-tree built -by the decision procedure involved in the tactic {\tt tauto}. It uses -this information to generate a set of subgoals equivalent to the -original one (but simpler than it) and applies the tactic -{\tac} to them \cite{Mun94}. If this tactic fails on some goals then -{\tt intuition} fails. In fact, {\tt tauto} is simply {\tt intuition - fail}. - -For instance, the tactic {\tt intuition auto} applied to the goal -\begin{verbatim} -(forall (x:nat), P x)/\B -> (forall (y:nat),P y)/\ P O \/B/\ P O -\end{verbatim} -internally replaces it by the equivalent one: -\begin{verbatim} -(forall (x:nat), P x), B |- P O -\end{verbatim} -and then uses {\tt auto} which completes the proof. - -Originally due to C{\'e}sar~Mu{\~n}oz, these tactics ({\tt tauto} and {\tt intuition}) -have been completely re-engineered by David~Delahaye using mainly the tactic -language (see Chapter~\ref{TacticLanguage}). The code is now much shorter and -a significant increase in performance has been noticed. The general behavior -with respect to dependent types, unfolding and introductions has -slightly changed to get clearer semantics. This may lead to some -incompatibilities. - -\begin{Variants} -\item {\tt intuition} - - Is equivalent to {\tt intuition auto with *}. - -\item {\tt dintuition} - - While {\tt intuition} recognizes inductively defined connectives - isomorphic to the standard connective {\tt and}, {\tt prod}, {\tt - or}, {\tt sum}, {\tt False}, {\tt Empty\_set}, {\tt unit}, {\tt - True}, {\tt dintuition} recognizes also all inductive types with - one constructors and no indices, i.e. record-style connectives. - -\end{Variants} - -\optindex{Intuition Negation Unfolding} -\optindex{Intuition Iff Unfolding} - -Some aspects of the tactic {\tt intuition} can be -controlled using options. To avoid that inner negations which do not -need to be unfolded are unfolded, use: - -\begin{quote} -{\tt Unset Intuition Negation Unfolding} -\end{quote} - -To do that all negations of the goal are unfolded even inner ones -(this is the default), use: - -\begin{quote} -{\tt Set Intuition Negation Unfolding} -\end{quote} - -To avoid that inner occurrence of {\tt iff} which do not need to be -unfolded are unfolded (this is the default), use: - -\begin{quote} -{\tt Unset Intuition Iff Unfolding} -\end{quote} - -To do that all negations of the goal are unfolded even inner ones -(this is the default), use: - -\begin{quote} -{\tt Set Intuition Iff Unfolding} -\end{quote} - -% En attente d'un moyen de valoriser les fichiers de demos -%\SeeAlso file \texttt{contrib/Rocq/DEMOS/Demo\_tauto.v} - - -\subsection{\tt rtauto} -\tacindex{rtauto} -\label{rtauto} - -The {\tt rtauto} tactic solves propositional tautologies similarly to what {\tt tauto} does. The main difference is that the proof term is built using a reflection scheme applied to a sequent calculus proof of the goal. The search procedure is also implemented using a different technique. - -Users should be aware that this difference may result in faster proof-search but slower proof-checking, and {\tt rtauto} might not solve goals that {\tt tauto} would be able to solve (e.g. goals involving universal quantifiers). - -\subsection{\tt firstorder} -\tacindex{firstorder} -\label{firstorder} - -The tactic \texttt{firstorder} is an {\it experimental} extension of -\texttt{tauto} to -first-order reasoning, written by Pierre Corbineau. -It is not restricted to usual logical connectives but -instead may reason about any first-order class inductive definition. - -The default tactic used by \texttt{firstorder} when no rule applies is {\tt - auto with *}, it can be reset locally or globally using the {\nobreak - {\tt Set Firstorder Solver {\tac}}} \optindex{Firstorder Solver} -vernacular command and printed using {\nobreak {\tt Print Firstorder - Solver}}. - -\begin{Variants} - \item {\tt firstorder {\tac}} - \tacindex{firstorder {\tac}} - - Tries to solve the goal with {\tac} when no logical rule may apply. - - \item {\tt firstorder using {\qualid}$_1$ , \dots\ , {\qualid}$_n$ } - \tacindex{firstorder using} - - Adds lemmas {\qualid}$_1$ \dots\ {\qualid}$_n$ to the proof-search - environment. If {\qualid}$_i$ refers to an inductive type, it is - the collection of its constructors which are added to the - proof-search environment. - - \item {\tt firstorder with \ident$_1$ \dots\ \ident$_n$ } - \tacindex{firstorder with} - - Adds lemmas from {\tt auto} hint bases \ident$_1$ \dots\ \ident$_n$ - to the proof-search environment. - -\item \texttt{firstorder {\tac} using {\qualid}$_1$ , \dots\ , {\qualid}$_n$ with \ident$_1$ \dots\ \ident$_n$} - - This combines the effects of the different variants of \texttt{firstorder}. - -\end{Variants} - -Proof-search is bounded by a depth parameter which can be set by typing the -{\nobreak \tt Set Firstorder Depth $n$} \optindex{Firstorder Depth} -vernacular command. - - -\subsection{\tt congruence} -\tacindex{congruence} -\label{congruence} - -The tactic {\tt congruence}, by Pierre Corbineau, implements the standard Nelson and Oppen -congruence closure algorithm, which is a decision procedure for ground -equalities with uninterpreted symbols. It also include the constructor theory -(see \ref{injection} and \ref{discriminate}). -If the goal is a non-quantified equality, {\tt congruence} tries to -prove it with non-quantified equalities in the context. Otherwise it -tries to infer a discriminable equality from those in the context. Alternatively, congruence tries to prove that a hypothesis is equal to the goal or to the negation of another hypothesis. - -{\tt congruence} is also able to take advantage of hypotheses stating quantified equalities, you have to provide a bound for the number of extra equalities generated that way. Please note that one of the members of the equality must contain all the quantified variables in order for {\tt congruence} to match against it. - -\begin{coq_eval} -Reset Initial. -Variable A:Set. -Variables a b:A. -Variable f:A->A. -Variable g:A->A->A. -\end{coq_eval} - -\begin{coq_example} -Theorem T: - a=(f a) -> (g b (f a))=(f (f a)) -> (g a b)=(f (g b a)) -> (g a b)=a. -intros. -congruence. -\end{coq_example} - -\begin{coq_eval} -Reset Initial. -Variable A:Set. -Variables a c d:A. -Variable f:A->A*A. -\end{coq_eval} - -\begin{coq_example} -Theorem inj : f = pair a -> Some (f c) = Some (f d) -> c=d. -intros. -congruence. -\end{coq_example} - -\begin{Variants} - \item {\tt congruence {\sl n}} - - Tries to add at most {\tt \sl n} instances of hypotheses stating quantified equalities to the problem in order to solve it. A bigger value of {\tt \sl n} does not make success slower, only failure. You might consider adding some lemmas as hypotheses using {\tt assert} in order for congruence to use them. - -\item {\tt congruence with \term$_1$ \dots\ \term$_n$} - - Adds {\tt \term$_1$ \dots\ \term$_n$} to the pool of terms used by - {\tt congruence}. This helps in case you have partially applied - constructors in your goal. -\end{Variants} - -\begin{ErrMsgs} - \item \errindex{I don't know how to handle dependent equality} - - The decision procedure managed to find a proof of the goal or of - a discriminable equality but this proof could not be built in {\Coq} - because of dependently-typed functions. - - \item \errindex{Goal is solvable by congruence but some arguments are missing. Try "congruence with \dots", replacing metavariables by arbitrary terms.} - - The decision procedure could solve the goal with the provision - that additional arguments are supplied for some partially applied - constructors. Any term of an appropriate type will allow the - tactic to successfully solve the goal. Those additional arguments - can be given to {\tt congruence} by filling in the holes in the - terms given in the error message, using the {\tt with} variant - described above. -\end{ErrMsgs} - -\noindent {\bf Remark: } {\tt congruence} can be made to print debug -information by setting the following option: - -\begin{quote} -\optindex{Congruence Verbose} -{\tt Set Congruence Verbose} -\end{quote} - -\section{Checking properties of terms} - -Each of the following tactics acts as the identity if the check succeeds, and results in an error otherwise. - -\subsection{\tt constr\_eq \term$_1$ \term$_2$} -\tacindex{constr\_eq} -\label{constreq} - -This tactic checks whether its arguments are equal modulo alpha conversion and casts. - -\ErrMsg \errindex{Not equal} - -\subsection{\tt unify \term$_1$ \term$_2$} -\tacindex{unify} -\label{unify} - -This tactic checks whether its arguments are unifiable, potentially -instantiating existential variables. - -\ErrMsg \errindex{Not unifiable} - -\begin{Variants} -\item {\tt unify \term$_1$ \term$_2$ with \ident} - - Unification takes the transparency information defined in the - hint database {\tt \ident} into account (see Section~\ref{HintTransparency}). -\end{Variants} - -\subsection{\tt is\_evar \term} -\tacindex{is\_evar} -\label{isevar} - -This tactic checks whether its argument is a current existential -variable. Existential variables are uninstantiated variables generated -by {\tt eapply} (see Section~\ref{apply}) and some other tactics. - -\ErrMsg \errindex{Not an evar} - -\subsection{\tt has\_evar \term} -\tacindex{has\_evar} -\label{hasevar} - -This tactic checks whether its argument has an existential variable as -a subterm. Unlike {\tt context} patterns combined with {\tt is\_evar}, -this tactic scans all subterms, including those under binders. - -\ErrMsg \errindex{No evars} - -\subsection{\tt is\_var \term} -\tacindex{is\_var} -\label{isvar} - -This tactic checks whether its argument is a variable or hypothesis in the -current goal context or in the opened sections. - -\ErrMsg \errindex{Not a variable or hypothesis} - -\section{Equality} - -\subsection{\tt f\_equal} -\label{f-equal} -\tacindex{f\_equal} - -This tactic applies to a goal of the form $f\ a_1\ \ldots\ a_n = f'\ -a'_1\ \ldots\ a'_n$. Using {\tt f\_equal} on such a goal leads to -subgoals $f=f'$ and $a_1=a'_1$ and so on up to $a_n=a'_n$. Amongst -these subgoals, the simple ones (e.g. provable by -reflexivity or congruence) are automatically solved by {\tt f\_equal}. - -\subsection{\tt reflexivity} -\label{reflexivity} -\tacindex{reflexivity} - -This tactic applies to a goal that has the form {\tt t=u}. It checks -that {\tt t} and {\tt u} are convertible and then solves the goal. -It is equivalent to {\tt apply refl\_equal}. - -\begin{ErrMsgs} -\item \errindex{The conclusion is not a substitutive equation} -\item \errindex{Unable to unify \dots\ with \dots} -\end{ErrMsgs} - -\subsection{\tt symmetry} -\tacindex{symmetry} - -This tactic applies to a goal that has the form {\tt t=u} and changes it -into {\tt u=t}. - -\begin{Variants} -\item {\tt symmetry in \ident} \tacindex{symmetry in} - -If the statement of the hypothesis {\ident} has the form {\tt t=u}, -the tactic changes it to {\tt u=t}. -\end{Variants} - -\subsection{\tt transitivity \term} -\tacindex{transitivity} - -This tactic applies to a goal that has the form {\tt t=u} -and transforms it into the two subgoals -{\tt t={\term}} and {\tt {\term}=u}. - -\section{Equality and inductive sets} - -We describe in this section some special purpose tactics dealing with -equality and inductive sets or types. These tactics use the equality -{\tt eq:forall (A:Type), A->A->Prop}, simply written with the -infix symbol {\tt =}. - -\subsection{\tt decide equality} -\label{decideequality} -\tacindex{decide equality} - -This tactic solves a goal of the form -{\tt forall $x$ $y$:$R$, \{$x$=$y$\}+\{\verb|~|$x$=$y$\}}, where $R$ -is an inductive type such that its constructors do not take proofs or -functions as arguments, nor objects in dependent types. -It solves goals of the form {\tt \{$x$=$y$\}+\{\verb|~|$x$=$y$\}} as well. - -\subsection{\tt compare \term$_1$ \term$_2$} -\tacindex{compare} - -This tactic compares two given objects \term$_1$ and \term$_2$ -of an inductive datatype. If $G$ is the current goal, it leaves the sub-goals -\term$_1${\tt =}\term$_2$ {\tt ->} $G$ and \verb|~|\term$_1${\tt =}\term$_2$ -{\tt ->} $G$. The type -of \term$_1$ and \term$_2$ must satisfy the same restrictions as in the tactic -\texttt{decide equality}. - -\subsection{\tt simplify\_eq \term} -\tacindex{simplify\_eq} -\tacindex{esimplify\_eq} -\label{simplify-eq} - -Let {\term} be the proof of a statement of conclusion {\tt - {\term$_1$}={\term$_2$}}. If {\term$_1$} and -{\term$_2$} are structurally different (in the sense described for the -tactic {\tt discriminate}), then the tactic {\tt simplify\_eq} behaves as {\tt - discriminate {\term}}, otherwise it behaves as {\tt injection - {\term}}. - -\Rem If some quantified hypothesis of the goal is named {\ident}, then -{\tt simplify\_eq {\ident}} first introduces the hypothesis in the local -context using \texttt{intros until \ident}. - -\begin{Variants} -\item \texttt{simplify\_eq} \num - - This does the same thing as \texttt{intros until \num} then -\texttt{simplify\_eq \ident} where {\ident} is the identifier for the last -introduced hypothesis. - -\item \texttt{simplify\_eq} \term{} {\tt with} {\bindinglist} - - This does the same as \texttt{simplify\_eq {\term}} but using - the given bindings to instantiate parameters or hypotheses of {\term}. - -\item \texttt{esimplify\_eq} \num\\ - \texttt{esimplify\_eq} \term{} \zeroone{{\tt with} {\bindinglist}} - - This works the same as {\tt simplify\_eq} but if the type of {\term}, - or the type of the hypothesis referred to by {\num}, has uninstantiated - parameters, these parameters are left as existential variables. - -\item{\tt simplify\_eq} - -If the current goal has form $t_1\verb=<>=t_2$, it behaves as -\texttt{intro {\ident}; simplify\_eq {\ident}}. -\end{Variants} - -\subsection{\tt dependent rewrite -> \ident} -\tacindex{dependent rewrite ->} -\label{dependent-rewrite} - -This tactic applies to any goal. If \ident\ has type -\verb+(existT B a b)=(existT B a' b')+ -in the local context (i.e. each term of the -equality has a sigma type $\{ a:A~ \&~(B~a)\}$) this tactic rewrites -\verb+a+ into \verb+a'+ and \verb+b+ into \verb+b'+ in the current -goal. This tactic works even if $B$ is also a sigma type. This kind -of equalities between dependent pairs may be derived by the injection -and inversion tactics. - -\begin{Variants} -\item{\tt dependent rewrite <- {\ident}} -\tacindex{dependent rewrite <-} - -Analogous to {\tt dependent rewrite ->} but uses the equality from -right to left. -\end{Variants} - -\section{Inversion -\label{inversion}} - -\subsection{\tt functional inversion \ident} -\tacindex{functional inversion} -\label{sec:functional-inversion} - -\texttt{functional inversion} is a tactic -that performs inversion on hypothesis {\ident} of the form -\texttt{\qualid\ \term$_1$\dots\term$_n$\ = \term} or \texttt{\term\ = - \qualid\ \term$_1$\dots\term$_n$} where \qualid\ must have been -defined using \texttt{Function} (see Section~\ref{Function}). -Note that this tactic is only available after a {\tt Require Import FunInd}. - -\begin{ErrMsgs} -\item \errindex{Hypothesis {\ident} must contain at least one Function} - -\item \errindex{Cannot find inversion information for hypothesis \ident} - - This error may be raised when some inversion lemma failed to be - generated by Function. -\end{ErrMsgs} - -\begin{Variants} -\item {\tt functional inversion \num} - - This does the same thing as \texttt{intros until \num} then - \texttt{functional inversion \ident} where {\ident} is the - identifier for the last introduced hypothesis. -\item {\tt functional inversion \ident\ \qualid}\\ - {\tt functional inversion \num\ \qualid} - - If the hypothesis {\ident} (or {\num}) has a type of the form - \texttt{\qualid$_1$\ \term$_1$\dots\term$_n$\ =\ \qualid$_2$\ - \term$_{n+1}$\dots\term$_{n+m}$} where \qualid$_1$ and \qualid$_2$ - are valid candidates to functional inversion, this variant allows - choosing which {\qualid} is inverted. -\end{Variants} - - - -\subsection{\tt quote \ident} -\tacindex{quote} -\index{2-level approach} - -This kind of inversion has nothing to do with the tactic -\texttt{inversion} above. This tactic does \texttt{change (\ident\ - t)}, where \texttt{t} is a term built in order to ensure the -convertibility. In other words, it does inversion of the function -\ident. This function must be a fixpoint on a simple recursive -datatype: see~\ref{quote-examples} for the full details. - -\begin{ErrMsgs} -\item \errindex{quote: not a simple fixpoint} - - Happens when \texttt{quote} is not able to perform inversion properly. -\end{ErrMsgs} - -\begin{Variants} -\item \texttt{quote {\ident} [ \ident$_1$ \dots \ident$_n$ ]} - - All terms that are built only with \ident$_1$ \dots \ident$_n$ will be - considered by \texttt{quote} as constants rather than variables. -\end{Variants} - -% En attente d'un moyen de valoriser les fichiers de demos -% \SeeAlso file \texttt{theories/DEMOS/DemoQuote.v} in the distribution - -\section{Classical tactics} -\label{ClassicalTactics} - -In order to ease the proving process, when the {\tt Classical} module is loaded. A few more tactics are available. Make sure to load the module using the \texttt{Require Import} command. - -\subsection{{\tt classical\_left} and \tt classical\_right} -\tacindex{classical\_left} -\tacindex{classical\_right} - -The tactics \texttt{classical\_left} and \texttt{classical\_right} are the analog of the \texttt{left} and \texttt{right} but using classical logic. They can only be used for disjunctions. -Use \texttt{classical\_left} to prove the left part of the disjunction with the assumption that the negation of right part holds. -Use \texttt{classical\_right} to prove the right part of the disjunction with the assumption that the negation of left part holds. - -\section{Automatizing -\label{Automatizing}} - -% EXISTE ENCORE ? -% -% \subsection{\tt Prolog [ \term$_1$ \dots\ \term$_n$ ] \num} -% \tacindex{Prolog}\label{Prolog} -% This tactic, implemented by Chet Murthy, is based upon the concept of -% existential variables of Gilles Dowek, stating that resolution is a -% kind of unification. It tries to solve the current goal using the {\tt -% Assumption} tactic, the {\tt intro} tactic, and applying hypotheses -% of the local context and terms of the given list {\tt [ \term$_1$ -% \dots\ \term$_n$\ ]}. It is more powerful than {\tt auto} since it -% may apply to any theorem, even those of the form {\tt (x:A)(P x) -> Q} -% where {\tt x} does not appear free in {\tt Q}. The maximal search -% depth is {\tt \num}. - -% \begin{ErrMsgs} -% \item \errindex{Prolog failed}\\ -% The Prolog tactic was not able to prove the subgoal. -% \end{ErrMsgs} - - -%% \subsection{{\tt jp} {\em (Jprover)} -%% \tacindex{jp} -%% \label{jprover}} - -%% The tactic \texttt{jp}, due to Huang Guan-Shieng, is an experimental -%% port of the {\em Jprover}\cite{SLKN01} semi-decision procedure for -%% first-order intuitionistic logic implemented in {\em -%% NuPRL}\cite{Kre02}. - -%% The tactic \texttt{jp}, due to Huang Guan-Shieng, is an {\it -%% experimental} port of the {\em Jprover}\cite{SLKN01} semi-decision -%% procedure for first-order intuitionistic logic implemented in {\em -%% NuPRL}\cite{Kre02}. - -%% Search may optionally be bounded by a multiplicity parameter -%% indicating how many (at most) copies of a formula may be used in -%% the proof process, its absence may lead to non-termination of the tactic. - -%% %\begin{coq_eval} -%% %Variable S:Set. -%% %Variables P Q:S->Prop. -%% %Variable f:S->S. -%% %\end{coq_eval} - -%% %\begin{coq_example*} -%% %Lemma example: (exists x |P x\/Q x)->(exists x |P x)\/(exists x |Q x). -%% %jp. -%% %Qed. - -%% %Lemma example2: (forall x ,P x->P (f x))->forall x,P x->P (f(f x)). -%% %jp. -%% %Qed. -%% %\end{coq_example*} - -%% \begin{Variants} -%% \item {\tt jp $n$}\\ -%% \tacindex{jp $n$} -%% Tries the {\em Jprover} procedure with multiplicities up to $n$, -%% starting from 1. -%% \item {\tt jp}\\ -%% Tries the {\em Jprover} procedure without multiplicity bound, -%% possibly running forever. -%% \end{Variants} - -%% \begin{ErrMsgs} -%% \item \errindex{multiplicity limit reached}\\ -%% The procedure tried all multiplicities below the limit and -%% failed. Goal might be solved by increasing the multiplicity limit. -%% \item \errindex{formula is not provable}\\ -%% The procedure determined that goal was not provable in -%% intuitionistic first-order logic, no matter how big the -%% multiplicity is. -%% \end{ErrMsgs} - - -% \subsection[\tt Linear]{\tt Linear\tacindex{Linear}\label{Linear}} -% The tactic \texttt{Linear}, due to Jean-Christophe Filli{\^a}atre -% \cite{Fil94}, implements a decision procedure for {\em Direct -% Predicate Calculus}, that is first-order Gentzen's Sequent Calculus -% without contraction rules \cite{KeWe84,BeKe92}. Intuitively, a -% first-order goal is provable in Direct Predicate Calculus if it can be -% proved using each hypothesis at most once. - -% Unlike the previous tactics, the \texttt{Linear} tactic does not belong -% to the initial state of the system, and it must be loaded explicitly -% with the command - -% \begin{coq_example*} -% Require Linear. -% \end{coq_example*} - -% For instance, assuming that \texttt{even} and \texttt{odd} are two -% predicates on natural numbers, and \texttt{a} of type \texttt{nat}, the -% tactic \texttt{Linear} solves the following goal - -% \begin{coq_eval} -% Variables even,odd : nat -> Prop. -% Variable a:nat. -% \end{coq_eval} - -% \begin{coq_example*} -% Lemma example : (even a) -% -> ((x:nat)((even x)->(odd (S x)))) -% -> (EX y | (odd y)). -% \end{coq_example*} - -% You can find examples of the use of \texttt{Linear} in -% \texttt{theories/DEMOS/DemoLinear.v}. -% \begin{coq_eval} -% Abort. -% \end{coq_eval} - -% \begin{Variants} -% \item {\tt Linear with \ident$_1$ \dots\ \ident$_n$}\\ -% \tacindex{Linear with} -% Is equivalent to apply first {\tt generalize \ident$_1$ \dots -% \ident$_n$} (see Section~\ref{generalize}) then the \texttt{Linear} -% tactic. So one can use axioms, lemmas or hypotheses of the local -% context with \texttt{Linear} in this way. -% \end{Variants} - -% \begin{ErrMsgs} -% \item \errindex{Not provable in Direct Predicate Calculus} -% \item \errindex{Found $n$ classical proof(s) but no intuitionistic one}\\ -% The decision procedure looks actually for classical proofs of the -% goals, and then checks that they are intuitionistic. In that case, -% classical proofs have been found, which do not correspond to -% intuitionistic ones. -% \end{ErrMsgs} - - -\subsection{\tt btauto} -\tacindex{btauto} -\label{btauto} - -The tactic \texttt{btauto} implements a reflexive solver for boolean tautologies. It -solves goals of the form {\tt t = u} where {\tt t} and {\tt u} are constructed -over the following grammar: - -$$\mathtt{t} ::= x \mid \mathtt{true} \mid \mathtt{false}\mid \mathtt{orb\ t_1\ t_2} -\mid \mathtt{andb\ t_1\ t_2} \mid\mathtt{xorb\ t_1\ t_2} \mid\mathtt{negb\ t} -\mid\mathtt{if\ t_1\ then\ t_2\ else\ t_3} -$$ - -Whenever the formula supplied is not a tautology, it also provides a counter-example. - -Internally, it uses a system very similar to the one of the {\tt ring} tactic. - -\subsection{\tt omega} -\tacindex{omega} -\label{omega} - -The tactic \texttt{omega}, due to Pierre Cr{\'e}gut, -is an automatic decision procedure for Presburger -arithmetic. It solves quantifier-free -formulas built with \verb|~|, \verb|\/|, \verb|/\|, -\verb|->| on top of equalities, inequalities and disequalities on -both the type \texttt{nat} of natural numbers and \texttt{Z} of binary -integers. This tactic must be loaded by the command \texttt{Require Import - Omega}. See the additional documentation about \texttt{omega} -(see Chapter~\ref{OmegaChapter}). - -\subsection{{\tt ring} and \tt ring\_simplify \term$_1$ \mbox{\dots} \term$_n$} -\tacindex{ring} -\tacindex{ring\_simplify} -\comindex{Add Ring} -\comindex{Print Rings} - -The {\tt ring} tactic solves equations upon polynomial expressions of -a ring (or semi-ring) structure. It proceeds by normalizing both hand -sides of the equation (w.r.t. associativity, commutativity and -distributivity, constant propagation) and comparing syntactically the -results. - -{\tt ring\_simplify} applies the normalization procedure described -above to the terms given. The tactic then replaces all occurrences of -the terms given in the conclusion of the goal by their normal -forms. If no term is given, then the conclusion should be an equation -and both hand sides are normalized. - -See Chapter~\ref{ring} for more information on the tactic and how to -declare new ring structures. All declared field structures can be -printed with the {\tt Print Rings} command. - -\subsection{{\tt field}, {\tt field\_simplify \term$_1$ \mbox{\dots} - \term$_n$}, and \tt field\_simplify\_eq} -\tacindex{field} -\tacindex{field\_simplify} -\tacindex{field\_simplify\_eq} -\comindex{Add Field} -\comindex{Print Fields} - -The {\tt field} tactic is built on the same ideas as {\tt ring}: this -is a reflexive tactic that solves or simplifies equations in a field -structure. The main idea is to reduce a field expression (which is an -extension of ring expressions with the inverse and division -operations) to a fraction made of two polynomial expressions. - -Tactic {\tt field} is used to solve subgoals, whereas {\tt - field\_simplify \term$_1$\dots\term$_n$} replaces the provided terms -by their reduced fraction. {\tt field\_simplify\_eq} applies when the -conclusion is an equation: it simplifies both hand sides and multiplies -so as to cancel denominators. So it produces an equation without -division nor inverse. - -All of these 3 tactics may generate a subgoal in order to prove that -denominators are different from zero. - -See Chapter~\ref{ring} for more information on the tactic and how to -declare new field structures. All declared field structures can be -printed with the {\tt Print Fields} command. - -\Example -\begin{coq_example*} -Require Import Reals. -Goal forall x y:R, - (x * y > 0)%R -> - (x * (1 / x + x / (x + y)))%R = - ((- 1 / y) * y * (- x * (x / (x + y)) - 1))%R. -\end{coq_example*} - -\begin{coq_example} -intros; field. -\end{coq_example} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\SeeAlso file {\tt plugins/setoid\_ring/RealField.v} for an example of instantiation,\\ -\phantom{\SeeAlso}theory {\tt theories/Reals} for many examples of use of {\tt -field}. - -\subsection{\tt fourier} -\tacindex{fourier} - -This tactic written by Lo{\"\i}c Pottier solves linear inequalities on -real numbers using Fourier's method~\cite{Fourier}. This tactic must -be loaded by {\tt Require Import Fourier}. - -\Example -\begin{coq_example*} -Require Import Reals. -Require Import Fourier. -Goal forall x y:R, (x < y)%R -> (y + 1 >= x - 1)%R. -\end{coq_example*} - -\begin{coq_example} -intros; fourier. -\end{coq_example} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\section{Non-logical tactics} - -\subsection[\tt cycle \num]{\tt cycle \num\tacindex{cycle}} - -This tactic puts the {\num} first goals at the end of the list of -goals. If {\num} is negative, it will put the last $\left|\num\right|$ goals at -the beginning of the list. - -\Example -\begin{coq_example*} -Parameter P : nat -> Prop. -Goal P 1 /\ P 2 /\ P 3 /\ P 4 /\ P 5. -\end{coq_example*} -\begin{coq_example} -repeat split. -all: cycle 2. -all: cycle -3. -\end{coq_example} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\subsection[\tt swap \num$_1$ \num$_2$]{\tt swap \num$_1$ \num$_2$\tacindex{swap}} - -This tactic switches the position of the goals of indices $\num_1$ and $\num_2$. If either $\num_1$ or $\num_2$ is negative then goals are counted from the end of the focused goal list. Goals are indexed from $1$, there is no goal with position $0$. - -\Example -\begin{coq_example*} -Parameter P : nat -> Prop. -Goal P 1 /\ P 2 /\ P 3 /\ P 4 /\ P 5. -\end{coq_example*} -\begin{coq_example} -repeat split. -all: swap 1 3. -all: swap 1 -1. -\end{coq_example} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\subsection[\tt revgoals]{\tt revgoals\tacindex{revgoals}} - -This tactics reverses the list of the focused goals. - -\Example -\begin{coq_example*} -Parameter P : nat -> Prop. -Goal P 1 /\ P 2 /\ P 3 /\ P 4 /\ P 5. -\end{coq_example*} -\begin{coq_example} -repeat split. -all: revgoals. -\end{coq_example} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - - - -\subsection[\tt shelve]{\tt shelve\tacindex{shelve}\label{shelve}} - -This tactic moves all goals under focus to a shelf. While on the shelf, goals -will not be focused on. They can be solved by unification, or they can be called -back into focus with the command {\tt Unshelve} (Section~\ref{unshelve}). - -\begin{Variants} - \item \texttt{shelve\_unifiable}\tacindex{shelve\_unifiable} - - Shelves only the goals under focus that are mentioned in other goals. - Goals that appear in the type of other goals can be solved by unification. - -\Example -\begin{coq_example} -Goal exists n, n=0. -refine (ex_intro _ _ _). -all:shelve_unifiable. -reflexivity. -\end{coq_example} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\end{Variants} - -\subsection[\tt Unshelve]{\tt Unshelve\comindex{Unshelve}\label{unshelve}} - -This command moves all the goals on the shelf (see Section~\ref{shelve}) from the -shelf into focus, by appending them to the end of the current list of focused goals. - -\subsection[\tt give\_up]{\tt give\_up\tacindex{give\_up}} - -This tactic removes the focused goals from the proof. They are not solved, and cannot -be solved later in the proof. As the goals are not solved, the proof cannot be closed. - -The {\tt give\_up} tactic can be used while editing a proof, to choose to write the -proof script in a non-sequential order. - -\section{Simple tactic macros} -\index{Tactic macros} -\label{TacticDefinition} - -A simple example has more value than a long explanation: - -\begin{coq_example} -Ltac Solve := simpl; intros; auto. -Ltac ElimBoolRewrite b H1 H2 := - elim b; [ intros; rewrite H1; eauto | intros; rewrite H2; eauto ]. -\end{coq_example} - -The tactics macros are synchronous with the \Coq\ section mechanism: -a tactic definition is deleted from the current environment -when you close the section (see also \ref{Section}) -where it was defined. If you want that a -tactic macro defined in a module is usable in the modules that -require it, you should put it outside of any section. - -Chapter~\ref{TacticLanguage} gives examples of more complex -user-defined tactics. - - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/RefMan-tacex.tex b/doc/refman/RefMan-tacex.tex deleted file mode 100644 index 7cdb1a5274..0000000000 --- a/doc/refman/RefMan-tacex.tex +++ /dev/null @@ -1,930 +0,0 @@ -\chapter[Detailed examples of tactics]{Detailed examples of tactics\label{Tactics-examples}} -%HEVEA\cutname{tactic-examples.html} - -This chapter presents detailed examples of certain tactics, to -illustrate their behavior. - -\section[\tt dependent induction]{\tt dependent induction\label{dependent-induction-example}} -\def\depind{{\tt dependent induction}~} -\def\depdestr{{\tt dependent destruction}~} - -The tactics \depind and \depdestr are another solution for inverting -inductive predicate instances and potentially doing induction at the -same time. It is based on the \texttt{BasicElim} tactic of Conor McBride which -works by abstracting each argument of an inductive instance by a variable -and constraining it by equalities afterwards. This way, the usual -{\tt induction} and {\tt destruct} tactics can be applied to the -abstracted instance and after simplification of the equalities we get -the expected goals. - -The abstracting tactic is called {\tt generalize\_eqs} and it takes as -argument an hypothesis to generalize. It uses the {\tt JMeq} datatype -defined in {\tt Coq.Logic.JMeq}, hence we need to require it before. -For example, revisiting the first example of the inversion documentation above: - -\begin{coq_example*} -Require Import Coq.Logic.JMeq. -\end{coq_example*} -\begin{coq_eval} -Require Import Coq.Program.Equality. -\end{coq_eval} - -\begin{coq_eval} -Inductive Le : nat -> nat -> Set := - | LeO : forall n:nat, Le 0 n - | LeS : forall n m:nat, Le n m -> Le (S n) (S m). -Variable P : nat -> nat -> Prop. -Variable Q : forall n m:nat, Le n m -> Prop. -\end{coq_eval} - -\begin{coq_example*} -Goal forall n m:nat, Le (S n) m -> P n m. -intros n m H. -\end{coq_example*} -\begin{coq_example} -generalize_eqs H. -\end{coq_example} - -The index {\tt S n} gets abstracted by a variable here, but a -corresponding equality is added under the abstract instance so that no -information is actually lost. The goal is now almost amenable to do induction -or case analysis. One should indeed first move {\tt n} into the goal to -strengthen it before doing induction, or {\tt n} will be fixed in -the inductive hypotheses (this does not matter for case analysis). -As a rule of thumb, all the variables that appear inside constructors in -the indices of the hypothesis should be generalized. This is exactly -what the \texttt{generalize\_eqs\_vars} variant does: - -\begin{coq_eval} -Undo 1. -\end{coq_eval} -\begin{coq_example} -generalize_eqs_vars H. -induction H. -\end{coq_example} - -As the hypothesis itself did not appear in the goal, we did not need to -use an heterogeneous equality to relate the new hypothesis to the old -one (which just disappeared here). However, the tactic works just as well -in this case, e.g.: - -\begin{coq_eval} -Admitted. -\end{coq_eval} - -\begin{coq_example} -Goal forall n m (p : Le (S n) m), Q (S n) m p. -intros n m p ; generalize_eqs_vars p. -\end{coq_example} - -One drawback of this approach is that in the branches one will have to -substitute the equalities back into the instance to get the right -assumptions. Sometimes injection of constructors will also be needed to -recover the needed equalities. Also, some subgoals should be directly -solved because of inconsistent contexts arising from the constraints on -indexes. The nice thing is that we can make a tactic based on -discriminate, injection and variants of substitution to automatically -do such simplifications (which may involve the K axiom). -This is what the {\tt simplify\_dep\_elim} tactic from -{\tt Coq.Program.Equality} does. For example, we might simplify the -previous goals considerably: -% \begin{coq_eval} -% Abort. -% Goal forall n m:nat, Le (S n) m -> P n m. -% intros n m H ; generalize_eqs_vars H. -% \end{coq_eval} - -\begin{coq_example} -induction p ; simplify_dep_elim. -\end{coq_example} - -The higher-order tactic {\tt do\_depind} defined in {\tt - Coq.Program.Equality} takes a tactic and combines the -building blocks we have seen with it: generalizing by equalities -calling the given tactic with the -generalized induction hypothesis as argument and cleaning the subgoals -with respect to equalities. Its most important instantiations are -\depind and \depdestr that do induction or simply case analysis on the -generalized hypothesis. For example we can redo what we've done manually -with \depdestr: - -\begin{coq_eval} -Abort. -\end{coq_eval} -\begin{coq_example*} -Require Import Coq.Program.Equality. -Lemma ex : forall n m:nat, Le (S n) m -> P n m. -intros n m H. -\end{coq_example*} -\begin{coq_example} -dependent destruction H. -\end{coq_example} -\begin{coq_eval} -Abort. -\end{coq_eval} - -This gives essentially the same result as inversion. Now if the -destructed hypothesis actually appeared in the goal, the tactic would -still be able to invert it, contrary to {\tt dependent - inversion}. Consider the following example on vectors: - -\begin{coq_example*} -Require Import Coq.Program.Equality. -Set Implicit Arguments. -Variable A : Set. -Inductive vector : nat -> Type := -| vnil : vector 0 -| vcons : A -> forall n, vector n -> vector (S n). -Goal forall n, forall v : vector (S n), - exists v' : vector n, exists a : A, v = vcons a v'. - intros n v. -\end{coq_example*} -\begin{coq_example} - dependent destruction v. -\end{coq_example} -\begin{coq_eval} -Abort. -\end{coq_eval} - -In this case, the {\tt v} variable can be replaced in the goal by the -generalized hypothesis only when it has a type of the form {\tt vector - (S n)}, that is only in the second case of the {\tt destruct}. The -first one is dismissed because {\tt S n <> 0}. - -\subsection{A larger example} - -Let's see how the technique works with {\tt induction} on inductive -predicates on a real example. We will develop an example application to the -theory of simply-typed lambda-calculus formalized in a dependently-typed style: - -\begin{coq_example*} -Inductive type : Type := -| base : type -| arrow : type -> type -> type. -Notation " t --> t' " := (arrow t t') (at level 20, t' at next level). -Inductive ctx : Type := -| empty : ctx -| snoc : ctx -> type -> ctx. -Notation " G , tau " := (snoc G tau) (at level 20, tau at next level). -Fixpoint conc (G D : ctx) : ctx := - match D with - | empty => G - | snoc D' x => snoc (conc G D') x - end. -Notation " G ; D " := (conc G D) (at level 20). -Inductive term : ctx -> type -> Type := -| ax : forall G tau, term (G, tau) tau -| weak : forall G tau, - term G tau -> forall tau', term (G, tau') tau -| abs : forall G tau tau', - term (G , tau) tau' -> term G (tau --> tau') -| app : forall G tau tau', - term G (tau --> tau') -> term G tau -> term G tau'. -\end{coq_example*} - -We have defined types and contexts which are snoc-lists of types. We -also have a {\tt conc} operation that concatenates two contexts. -The {\tt term} datatype represents in fact the possible typing -derivations of the calculus, which are isomorphic to the well-typed -terms, hence the name. A term is either an application of: -\begin{itemize} -\item the axiom rule to type a reference to the first variable in a context, -\item the weakening rule to type an object in a larger context -\item the abstraction or lambda rule to type a function -\item the application to type an application of a function to an argument -\end{itemize} - -Once we have this datatype we want to do proofs on it, like weakening: - -\begin{coq_example*} -Lemma weakening : forall G D tau, term (G ; D) tau -> - forall tau', term (G , tau' ; D) tau. -\end{coq_example*} -\begin{coq_eval} - Abort. -\end{coq_eval} - -The problem here is that we can't just use {\tt induction} on the typing -derivation because it will forget about the {\tt G ; D} constraint -appearing in the instance. A solution would be to rewrite the goal as: -\begin{coq_example*} -Lemma weakening' : forall G' tau, term G' tau -> - forall G D, (G ; D) = G' -> - forall tau', term (G, tau' ; D) tau. -\end{coq_example*} -\begin{coq_eval} - Abort. -\end{coq_eval} - -With this proper separation of the index from the instance and the right -induction loading (putting {\tt G} and {\tt D} after the inducted-on -hypothesis), the proof will go through, but it is a very tedious -process. One is also forced to make a wrapper lemma to get back the -more natural statement. The \depind tactic alleviates this trouble by -doing all of this plumbing of generalizing and substituting back automatically. -Indeed we can simply write: - -\begin{coq_example*} -Require Import Coq.Program.Tactics. -Lemma weakening : forall G D tau, term (G ; D) tau -> - forall tau', term (G , tau' ; D) tau. -Proof with simpl in * ; simpl_depind ; auto. - intros G D tau H. dependent induction H generalizing G D ; intros. -\end{coq_example*} - -This call to \depind has an additional arguments which is a list of -variables appearing in the instance that should be generalized in the -goal, so that they can vary in the induction hypotheses. By default, all -variables appearing inside constructors (except in a parameter position) -of the instantiated hypothesis will be generalized automatically but -one can always give the list explicitly. - -\begin{coq_example} - Show. -\end{coq_example} - -The {\tt simpl\_depind} tactic includes an automatic tactic that tries -to simplify equalities appearing at the beginning of induction -hypotheses, generally using trivial applications of -reflexivity. In cases where the equality is not between constructor -forms though, one must help the automation by giving -some arguments, using the {\tt specialize} tactic for example. - -\begin{coq_example*} -destruct D... apply weak ; apply ax. apply ax. -destruct D... -\end{coq_example*} -\begin{coq_example} -Show. -\end{coq_example} -\begin{coq_example} - specialize (IHterm G0 empty eq_refl). -\end{coq_example} - -Once the induction hypothesis has been narrowed to the right equality, -it can be used directly. - -\begin{coq_example} - apply weak, IHterm. -\end{coq_example} - -If there is an easy first-order solution to these equations as in this subgoal, the -{\tt specialize\_eqs} tactic can be used instead of giving explicit proof -terms: - -\begin{coq_example} - specialize_eqs IHterm. -\end{coq_example} -This concludes our example. -\SeeAlso The induction \ref{elim}, case \ref{case} and inversion \ref{inversion} tactics. - -\section[\tt autorewrite]{\tt autorewrite\label{autorewrite-example}} - -Here are two examples of {\tt autorewrite} use. The first one ({\em Ackermann -function}) shows actually a quite basic use where there is no conditional -rewriting. The second one ({\em Mac Carthy function}) involves conditional -rewritings and shows how to deal with them using the optional tactic of the -{\tt Hint~Rewrite} command. - -\firstexample -\example{Ackermann function} -%Here is a basic use of {\tt AutoRewrite} with the Ackermann function: - -\begin{coq_example*} -Reset Initial. -Require Import Arith. -Variable Ack : - nat -> nat -> nat. -Axiom Ack0 : - forall m:nat, Ack 0 m = S m. -Axiom Ack1 : forall n:nat, Ack (S n) 0 = Ack n 1. -Axiom Ack2 : forall n m:nat, Ack (S n) (S m) = Ack n (Ack (S n) m). -\end{coq_example*} - -\begin{coq_example} -Hint Rewrite Ack0 Ack1 Ack2 : base0. -Lemma ResAck0 : - Ack 3 2 = 29. -autorewrite with base0 using try reflexivity. -\end{coq_example} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\example{Mac Carthy function} -%The Mac Carthy function shows a more complex case: - -\begin{coq_example*} -Require Import Omega. -Variable g : - nat -> nat -> nat. -Axiom g0 : - forall m:nat, g 0 m = m. -Axiom - g1 : - forall n m:nat, - (n > 0) -> (m > 100) -> g n m = g (pred n) (m - 10). -Axiom - g2 : - forall n m:nat, - (n > 0) -> (m <= 100) -> g n m = g (S n) (m + 11). -\end{coq_example*} - -\begin{coq_example} -Hint Rewrite g0 g1 g2 using omega : base1. -Lemma Resg0 : - g 1 110 = 100. -autorewrite with base1 using reflexivity || simpl. -\end{coq_example} - -\begin{coq_eval} -Abort. -\end{coq_eval} - -\begin{coq_example} -Lemma Resg1 : g 1 95 = 91. -autorewrite with base1 using reflexivity || simpl. -\end{coq_example} - -\begin{coq_eval} -Reset Initial. -\end{coq_eval} - -\section[\tt quote]{\tt quote\tacindex{quote} -\label{quote-examples}} - -The tactic \texttt{quote} allows using Barendregt's so-called -2-level approach without writing any ML code. Suppose you have a -language \texttt{L} of -'abstract terms' and a type \texttt{A} of 'concrete terms' -and a function \texttt{f : L -> A}. If \texttt{L} is a simple -inductive datatype and \texttt{f} a simple fixpoint, \texttt{quote f} -will replace the head of current goal by a convertible term of the form -\texttt{(f t)}. \texttt{L} must have a constructor of type: \texttt{A - -> L}. - -Here is an example: - -\begin{coq_example} -Require Import Quote. -Parameters A B C : Prop. -Inductive formula : Type := - | f_and : formula -> formula -> formula (* binary constructor *) - | f_or : formula -> formula -> formula - | f_not : formula -> formula (* unary constructor *) - | f_true : formula (* 0-ary constructor *) - | f_const : Prop -> formula (* constructor for constants *). -Fixpoint interp_f (f: - formula) : Prop := - match f with - | f_and f1 f2 => interp_f f1 /\ interp_f f2 - | f_or f1 f2 => interp_f f1 \/ interp_f f2 - | f_not f1 => ~ interp_f f1 - | f_true => True - | f_const c => c - end. -Goal A /\ (A \/ True) /\ ~ B /\ (A <-> A). -quote interp_f. -\end{coq_example} - -The algorithm to perform this inversion is: try to match the -term with right-hand sides expression of \texttt{f}. If there is a -match, apply the corresponding left-hand side and call yourself -recursively on sub-terms. If there is no match, we are at a leaf: -return the corresponding constructor (here \texttt{f\_const}) applied -to the term. - -\begin{ErrMsgs} -\item \errindex{quote: not a simple fixpoint} \\ - Happens when \texttt{quote} is not able to perform inversion properly. -\end{ErrMsgs} - -\subsection{Introducing variables map} - -The normal use of \texttt{quote} is to make proofs by reflection: one -defines a function \texttt{simplify : formula -> formula} and proves a -theorem \texttt{simplify\_ok: (f:formula)(interp\_f (simplify f)) -> - (interp\_f f)}. Then, one can simplify formulas by doing: -\begin{verbatim} - quote interp_f. - apply simplify_ok. - compute. -\end{verbatim} -But there is a problem with leafs: in the example above one cannot -write a function that implements, for example, the logical simplifications -$A \land A \ra A$ or $A \land \lnot A \ra \texttt{False}$. This is -because the \Prop{} is impredicative. - -It is better to use that type of formulas: - -\begin{coq_eval} -Reset formula. -\end{coq_eval} -\begin{coq_example} -Inductive formula : Set := - | f_and : formula -> formula -> formula - | f_or : formula -> formula -> formula - | f_not : formula -> formula - | f_true : formula - | f_atom : index -> formula. -\end{coq_example*} - -\texttt{index} is defined in module \texttt{quote}. Equality on that -type is decidable so we are able to simplify $A \land A$ into $A$ at -the abstract level. - -When there are variables, there are bindings, and \texttt{quote} -provides also a type \texttt{(varmap A)} of bindings from -\texttt{index} to any set \texttt{A}, and a function -\texttt{varmap\_find} to search in such maps. The interpretation -function has now another argument, a variables map: - -\begin{coq_example} -Fixpoint interp_f (vm: - varmap Prop) (f:formula) {struct f} : Prop := - match f with - | f_and f1 f2 => interp_f vm f1 /\ interp_f vm f2 - | f_or f1 f2 => interp_f vm f1 \/ interp_f vm f2 - | f_not f1 => ~ interp_f vm f1 - | f_true => True - | f_atom i => varmap_find True i vm - end. -\end{coq_example} - -\noindent\texttt{quote} handles this second case properly: - -\begin{coq_example} -Goal A /\ (B \/ A) /\ (A \/ ~ B). -quote interp_f. -\end{coq_example} - -It builds \texttt{vm} and \texttt{t} such that \texttt{(f vm t)} is -convertible with the conclusion of current goal. - -\subsection{Combining variables and constants} - -One can have both variables and constants in abstracts terms; that is -the case, for example, for the \texttt{ring} tactic (chapter -\ref{ring}). Then one must provide to \texttt{quote} a list of -\emph{constructors of constants}. For example, if the list is -\texttt{[O S]} then closed natural numbers will be considered as -constants and other terms as variables. - -Example: - -\begin{coq_eval} -Reset formula. -\end{coq_eval} -\begin{coq_example*} -Inductive formula : Type := - | f_and : formula -> formula -> formula - | f_or : formula -> formula -> formula - | f_not : formula -> formula - | f_true : formula - | f_const : Prop -> formula (* constructor for constants *) - | f_atom : index -> formula. -Fixpoint interp_f - (vm: (* constructor for variables *) - varmap Prop) (f:formula) {struct f} : Prop := - match f with - | f_and f1 f2 => interp_f vm f1 /\ interp_f vm f2 - | f_or f1 f2 => interp_f vm f1 \/ interp_f vm f2 - | f_not f1 => ~ interp_f vm f1 - | f_true => True - | f_const c => c - | f_atom i => varmap_find True i vm - end. -Goal -A /\ (A \/ True) /\ ~ B /\ (C <-> C). -\end{coq_example*} - -\begin{coq_example} -quote interp_f [ A B ]. -Undo. - quote interp_f [ B C iff ]. -\end{coq_example} - -\Warning Since function inversion -is undecidable in general case, don't expect miracles from it! - -\begin{Variants} - -\item {\tt quote {\ident} in {\term} using {\tac}} - - \tac\ must be a functional tactic (starting with {\tt fun x =>}) - and will be called with the quoted version of \term\ according to - \ident. - -\item {\tt quote {\ident} [ \ident$_1$ \dots\ \ident$_n$ ] in {\term} using {\tac}} - - Same as above, but will use \ident$_1$, \dots, \ident$_n$ to - chose which subterms are constants (see above). - -\end{Variants} - -% \SeeAlso file \texttt{theories/DEMOS/DemoQuote.v} - -\SeeAlso comments of source file \texttt{plugins/quote/quote.ml} - -\SeeAlso the \texttt{ring} tactic (Chapter~\ref{ring}) - - - -\section{Using the tactical language} - -\subsection{About the cardinality of the set of natural numbers} - -A first example which shows how to use the pattern matching over the proof -contexts is the proof that natural numbers have more than two elements. The -proof of such a lemma can be done as %shown on Figure~\ref{cnatltac}. -follows: -%\begin{figure} -%\begin{centerframe} -\begin{coq_eval} -Reset Initial. -Require Import Arith. -Require Import List. -\end{coq_eval} -\begin{coq_example*} -Lemma card_nat : - ~ (exists x : nat, exists y : nat, forall z:nat, x = z \/ y = z). -Proof. -red; intros (x, (y, Hy)). -elim (Hy 0); elim (Hy 1); elim (Hy 2); intros; - match goal with - | [_:(?a = ?b),_:(?a = ?c) |- _ ] => - cut (b = c); [ discriminate | transitivity a; auto ] - end. -Qed. -\end{coq_example*} -%\end{centerframe} -%\caption{A proof on cardinality of natural numbers} -%\label{cnatltac} -%\end{figure} - -We can notice that all the (very similar) cases coming from the three -eliminations (with three distinct natural numbers) are successfully solved by -a {\tt match goal} structure and, in particular, with only one pattern (use -of non-linear matching). - -\subsection{Permutation on closed lists} - -Another more complex example is the problem of permutation on closed lists. The -aim is to show that a closed list is a permutation of another one. - -First, we define the permutation predicate as shown in table~\ref{permutpred}. - -\begin{figure} -\begin{centerframe} -\begin{coq_example*} -Section Sort. -Variable A : Set. -Inductive permut : list A -> list A -> Prop := - | permut_refl : forall l, permut l l - | permut_cons : - forall a l0 l1, permut l0 l1 -> permut (a :: l0) (a :: l1) - | permut_append : forall a l, permut (a :: l) (l ++ a :: nil) - | permut_trans : - forall l0 l1 l2, permut l0 l1 -> permut l1 l2 -> permut l0 l2. -End Sort. -\end{coq_example*} -\end{centerframe} -\caption{Definition of the permutation predicate} -\label{permutpred} -\end{figure} - -A more complex example is the problem of permutation on closed lists. -The aim is to show that a closed list is a permutation of another one. -First, we define the permutation predicate as shown on -Figure~\ref{permutpred}. - -\begin{figure} -\begin{centerframe} -\begin{coq_example} -Ltac Permut n := - match goal with - | |- (permut _ ?l ?l) => apply permut_refl - | |- (permut _ (?a :: ?l1) (?a :: ?l2)) => - let newn := eval compute in (length l1) in - (apply permut_cons; Permut newn) - | |- (permut ?A (?a :: ?l1) ?l2) => - match eval compute in n with - | 1 => fail - | _ => - let l1' := constr:(l1 ++ a :: nil) in - (apply (permut_trans A (a :: l1) l1' l2); - [ apply permut_append | compute; Permut (pred n) ]) - end - end. -Ltac PermutProve := - match goal with - | |- (permut _ ?l1 ?l2) => - match eval compute in (length l1 = length l2) with - | (?n = ?n) => Permut n - end - end. -\end{coq_example} -\end{centerframe} -\caption{Permutation tactic} -\label{permutltac} -\end{figure} - -Next, we can write naturally the tactic and the result can be seen on -Figure~\ref{permutltac}. We can notice that we use two toplevel -definitions {\tt PermutProve} and {\tt Permut}. The function to be -called is {\tt PermutProve} which computes the lengths of the two -lists and calls {\tt Permut} with the length if the two lists have the -same length. {\tt Permut} works as expected. If the two lists are -equal, it concludes. Otherwise, if the lists have identical first -elements, it applies {\tt Permut} on the tail of the lists. Finally, -if the lists have different first elements, it puts the first element -of one of the lists (here the second one which appears in the {\tt - permut} predicate) at the end if that is possible, i.e., if the new -first element has been at this place previously. To verify that all -rotations have been done for a list, we use the length of the list as -an argument for {\tt Permut} and this length is decremented for each -rotation down to, but not including, 1 because for a list of length -$n$, we can make exactly $n-1$ rotations to generate at most $n$ -distinct lists. Here, it must be noticed that we use the natural -numbers of {\Coq} for the rotation counter. On Figure~\ref{ltac}, we -can see that it is possible to use usual natural numbers but they are -only used as arguments for primitive tactics and they cannot be -handled, in particular, we cannot make computations with them. So, a -natural choice is to use {\Coq} data structures so that {\Coq} makes -the computations (reductions) by {\tt eval compute in} and we can get -the terms back by {\tt match}. - -With {\tt PermutProve}, we can now prove lemmas as -% shown on Figure~\ref{permutlem}. -follows: -%\begin{figure} -%\begin{centerframe} - -\begin{coq_example*} -Lemma permut_ex1 : - permut nat (1 :: 2 :: 3 :: nil) (3 :: 2 :: 1 :: nil). -Proof. PermutProve. Qed. -Lemma permut_ex2 : - permut nat - (0 :: 1 :: 2 :: 3 :: 4 :: 5 :: 6 :: 7 :: 8 :: 9 :: nil) - (0 :: 2 :: 4 :: 6 :: 8 :: 9 :: 7 :: 5 :: 3 :: 1 :: nil). -Proof. PermutProve. Qed. -\end{coq_example*} -%\end{centerframe} -%\caption{Examples of {\tt PermutProve} use} -%\label{permutlem} -%\end{figure} - - -\subsection{Deciding intuitionistic propositional logic} - -\begin{figure}[b] -\begin{centerframe} -\begin{coq_example} -Ltac Axioms := - match goal with - | |- True => trivial - | _:False |- _ => elimtype False; assumption - | _:?A |- ?A => auto - end. -\end{coq_example} -\end{centerframe} -\caption{Deciding intuitionistic propositions (1)} -\label{tautoltaca} -\end{figure} - - -\begin{figure} -\begin{centerframe} -\begin{coq_example} -Ltac DSimplif := - repeat - (intros; - match goal with - | id:(~ _) |- _ => red in id - | id:(_ /\ _) |- _ => - elim id; do 2 intro; clear id - | id:(_ \/ _) |- _ => - elim id; intro; clear id - | id:(?A /\ ?B -> ?C) |- _ => - cut (A -> B -> C); - [ intro | intros; apply id; split; assumption ] - | id:(?A \/ ?B -> ?C) |- _ => - cut (B -> C); - [ cut (A -> C); - [ intros; clear id - | intro; apply id; left; assumption ] - | intro; apply id; right; assumption ] - | id0:(?A -> ?B),id1:?A |- _ => - cut B; [ intro; clear id0 | apply id0; assumption ] - | |- (_ /\ _) => split - | |- (~ _) => red - end). -Ltac TautoProp := - DSimplif; - Axioms || - match goal with - | id:((?A -> ?B) -> ?C) |- _ => - cut (B -> C); - [ intro; cut (A -> B); - [ intro; cut C; - [ intro; clear id | apply id; assumption ] - | clear id ] - | intro; apply id; intro; assumption ]; TautoProp - | id:(~ ?A -> ?B) |- _ => - cut (False -> B); - [ intro; cut (A -> False); - [ intro; cut B; - [ intro; clear id | apply id; assumption ] - | clear id ] - | intro; apply id; red; intro; assumption ]; TautoProp - | |- (_ \/ _) => (left; TautoProp) || (right; TautoProp) - end. -\end{coq_example} -\end{centerframe} -\caption{Deciding intuitionistic propositions (2)} -\label{tautoltacb} -\end{figure} - -The pattern matching on goals allows a complete and so a powerful -backtracking when returning tactic values. An interesting application -is the problem of deciding intuitionistic propositional logic. -Considering the contraction-free sequent calculi {\tt LJT*} of -Roy~Dyckhoff (\cite{Dyc92}), it is quite natural to code such a tactic -using the tactic language as shown on Figures~\ref{tautoltaca} -and~\ref{tautoltacb}. The tactic {\tt Axioms} tries to conclude using -usual axioms. The tactic {\tt DSimplif} applies all the reversible -rules of Dyckhoff's system. Finally, the tactic {\tt TautoProp} (the -main tactic to be called) simplifies with {\tt DSimplif}, tries to -conclude with {\tt Axioms} and tries several paths using the -backtracking rules (one of the four Dyckhoff's rules for the left -implication to get rid of the contraction and the right or). - -For example, with {\tt TautoProp}, we can prove tautologies like - those: -% on Figure~\ref{tautolem}. -%\begin{figure}[tbp] -%\begin{centerframe} -\begin{coq_example*} -Lemma tauto_ex1 : forall A B:Prop, A /\ B -> A \/ B. -Proof. TautoProp. Qed. -Lemma tauto_ex2 : - forall A B:Prop, (~ ~ B -> B) -> (A -> B) -> ~ ~ A -> B. -Proof. TautoProp. Qed. -\end{coq_example*} -%\end{centerframe} -%\caption{Proofs of tautologies with {\tt TautoProp}} -%\label{tautolem} -%\end{figure} - -\subsection{Deciding type isomorphisms} - -A more tricky problem is to decide equalities between types and modulo -isomorphisms. Here, we choose to use the isomorphisms of the simply typed -$\lb{}$-calculus with Cartesian product and $unit$ type (see, for example, -\cite{RC95}). The axioms of this $\lb{}$-calculus are given by -table~\ref{isosax}. - -\begin{figure} -\begin{centerframe} -\begin{coq_eval} -Reset Initial. -\end{coq_eval} -\begin{coq_example*} -Open Scope type_scope. -Section Iso_axioms. -Variables A B C : Set. -Axiom Com : A * B = B * A. -Axiom Ass : A * (B * C) = A * B * C. -Axiom Cur : (A * B -> C) = (A -> B -> C). -Axiom Dis : (A -> B * C) = (A -> B) * (A -> C). -Axiom P_unit : A * unit = A. -Axiom AR_unit : (A -> unit) = unit. -Axiom AL_unit : (unit -> A) = A. -Lemma Cons : B = C -> A * B = A * C. -Proof. -intro Heq; rewrite Heq; reflexivity. -Qed. -End Iso_axioms. -\end{coq_example*} -\end{centerframe} -\caption{Type isomorphism axioms} -\label{isosax} -\end{figure} - -A more tricky problem is to decide equalities between types and modulo -isomorphisms. Here, we choose to use the isomorphisms of the simply typed -$\lb{}$-calculus with Cartesian product and $unit$ type (see, for example, -\cite{RC95}). The axioms of this $\lb{}$-calculus are given on -Figure~\ref{isosax}. - -\begin{figure}[ht] -\begin{centerframe} -\begin{coq_example} -Ltac DSimplif trm := - match trm with - | (?A * ?B * ?C) => - rewrite <- (Ass A B C); try MainSimplif - | (?A * ?B -> ?C) => - rewrite (Cur A B C); try MainSimplif - | (?A -> ?B * ?C) => - rewrite (Dis A B C); try MainSimplif - | (?A * unit) => - rewrite (P_unit A); try MainSimplif - | (unit * ?B) => - rewrite (Com unit B); try MainSimplif - | (?A -> unit) => - rewrite (AR_unit A); try MainSimplif - | (unit -> ?B) => - rewrite (AL_unit B); try MainSimplif - | (?A * ?B) => - (DSimplif A; try MainSimplif) || (DSimplif B; try MainSimplif) - | (?A -> ?B) => - (DSimplif A; try MainSimplif) || (DSimplif B; try MainSimplif) - end - with MainSimplif := - match goal with - | |- (?A = ?B) => try DSimplif A; try DSimplif B - end. -Ltac Length trm := - match trm with - | (_ * ?B) => let succ := Length B in constr:(S succ) - | _ => constr:(1) - end. -Ltac assoc := repeat rewrite <- Ass. -\end{coq_example} -\end{centerframe} -\caption{Type isomorphism tactic (1)} -\label{isosltac1} -\end{figure} - -\begin{figure}[ht] -\begin{centerframe} -\begin{coq_example} -Ltac DoCompare n := - match goal with - | [ |- (?A = ?A) ] => reflexivity - | [ |- (?A * ?B = ?A * ?C) ] => - apply Cons; let newn := Length B in - DoCompare newn - | [ |- (?A * ?B = ?C) ] => - match eval compute in n with - | 1 => fail - | _ => - pattern (A * B) at 1; rewrite Com; assoc; DoCompare (pred n) - end - end. -Ltac CompareStruct := - match goal with - | [ |- (?A = ?B) ] => - let l1 := Length A - with l2 := Length B in - match eval compute in (l1 = l2) with - | (?n = ?n) => DoCompare n - end - end. -Ltac IsoProve := MainSimplif; CompareStruct. -\end{coq_example} -\end{centerframe} -\caption{Type isomorphism tactic (2)} -\label{isosltac2} -\end{figure} - -The tactic to judge equalities modulo this axiomatization can be written as -shown on Figures~\ref{isosltac1} and~\ref{isosltac2}. The algorithm is quite -simple. Types are reduced using axioms that can be oriented (this done by {\tt -MainSimplif}). The normal forms are sequences of Cartesian -products without Cartesian product in the left component. These normal forms -are then compared modulo permutation of the components (this is done by {\tt -CompareStruct}). The main tactic to be called and realizing this algorithm is -{\tt IsoProve}. - -% Figure~\ref{isoslem} gives -Here are examples of what can be solved by {\tt IsoProve}. -%\begin{figure}[ht] -%\begin{centerframe} -\begin{coq_example*} -Lemma isos_ex1 : - forall A B:Set, A * unit * B = B * (unit * A). -Proof. -intros; IsoProve. -Qed. - -Lemma isos_ex2 : - forall A B C:Set, - (A * unit -> B * (C * unit)) = - (A * unit -> (C -> unit) * C) * (unit -> A -> B). -Proof. -intros; IsoProve. -Qed. -\end{coq_example*} -%\end{centerframe} -%\caption{Type equalities solved by {\tt IsoProve}} -%\label{isoslem} -%\end{figure} - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: "Reference-Manual" -%%% End: diff --git a/doc/refman/Reference-Manual.tex b/doc/refman/Reference-Manual.tex index fc1c01cf24..86f123322c 100644 --- a/doc/refman/Reference-Manual.tex +++ b/doc/refman/Reference-Manual.tex @@ -85,8 +85,6 @@ Options A and B of the licence are {\em not} elected.} %END LATEX %\defaultheaders -\include{RefMan-int}% Introduction -\include{RefMan-pre}% Credits %BEGIN LATEX \tableofcontents @@ -97,45 +95,30 @@ Options A and B of the licence are {\em not} elected.} \defaultheaders %END LATEX \include{RefMan-gal.v}% Gallina -\include{RefMan-ext.v}% Gallina extensions -\include{RefMan-lib.v}% The coq library -\include{RefMan-cic.v}% The Calculus of Constructions -\include{RefMan-modr}% The module system \part{The proof engine} \include{RefMan-oth.v}% Vernacular commands \include{RefMan-pro.v}% Proof handling -\include{RefMan-tac.v}% Tactics and tacticals \include{RefMan-ltac.v}% Writing tactics -\include{RefMan-tacex.v}% Detailed Examples of tactics \lstset{language=SSR} \lstset{moredelim=[is][]{|*}{*|}} \lstset{moredelim=*[is][\itshape\rmfamily]{/*}{*/}} -\include{RefMan-ssr} \part{User extensions} -\include{RefMan-syn.v}% The Syntax and the Grammar commands %%SUPPRIME \include{RefMan-tus.v}% Writing tactics -\include{RefMan-sch.v}% The Scheme commands \part{Practical tools} -\include{RefMan-com}% The coq commands (coqc coqtop) \include{RefMan-uti}% utilities (gallina, do_Makefile, etc) -\include{RefMan-ide}% Coq IDE %BEGIN LATEX \RefManCutCommand{BEGINADDENDUM=\thepage} %END LATEX \part{Addendum to the Reference Manual} \include{AddRefMan-pre}% -\include{Cases.v}% \include{Coercion.v}% -\include{CanonicalStructures.v}% \include{Classes.v}% -\include{Omega.v}% -\include{Micromega.v} \include{Extraction.v}% \include{Program.v}% \include{Polynom.v}% = Ring diff --git a/doc/refman/Universes.tex b/doc/refman/Universes.tex index 6c84a1818c..c7d39c0f3e 100644 --- a/doc/refman/Universes.tex +++ b/doc/refman/Universes.tex @@ -232,6 +232,20 @@ Section down. Defined. \end{coq_example} +\subsection{\tt Cumulativity Weak Constraints} +\optindex{Cumulativity Weak Constraints} + +This option, on by default, causes ``weak'' constraints to be produced +when comparing universes in an irrelevant position. Processing weak +constraints is delayed until minimization time. A weak constraint +between {\tt u} and {\tt v} when neither is smaller than the other and +one is flexible causes them to be unified. Otherwise the constraint is +silently discarded. + +This heuristic is experimental and may change in future versions. +Disabling weak constraints is more predictable but may produce +arbitrary numbers of universes. + \asection{Global and local universes} Each universe is declared in a global or local environment before it can |