Co-inductive predicates and bisimilarity, Coq'Art sections 13.6–13.7 - PowerPoint PPT Presentation

SLIDE 1

Co-inductive predicates and bisimilarity

Coq'Art section 13.6–13.7, Koen Timmermans and Marnix Suilen

SLIDE 2

Definitions

Recall the definition of LList:

Set Implicit Arguments.
CoInductive LList (A:Set) : Set :=
  LNil : LList A
| LCons : A -> LList A -> LList A.
Implicit Arguments LNil [A].

(The Implicit Arguments vernacular has since been removed from Coq; current versions write Arguments LNil {A}. instead.)

And the definition of from:

CoFixpoint from (n:nat) : LList nat := LCons n (from (S n)).

And of repeat:

CoFixpoint repeat (A:Set)(a:A) : LList A := LCons a (repeat a).

SLIDE 3

Recall from_unfold

Lemma from_unfold : forall n:nat, from n = LCons n (from (S n)).
Proof.
  intro n.
  LList_unfold (from n).
  simpl.
  reflexivity.
Qed.

(LList_unfold is the unfolding tactic defined earlier in Coq'Art chapter 13. It is needed because a cofixpoint only reduces when it is the scrutinee of a match, so from n and LCons n (from (S n)) are not convertible and plain reflexivity fails.)

SLIDE 4

Recall Guard conditions

A definition by cofixpoint is only accepted if every corecursive call occurs as an argument of a constructor of the co-inductive type (possibly under further constructors, pattern matching or abstractions). Coq checks this on the shape of the body after unfolding definitions; it does not reason about what the surrounding functions compute. In particular a corecursive call that ends up as the scrutinee of a match, or as the argument of a function that does not reduce to constructors, is rejected.

SLIDE 5

Co-inductive Predicates

  • Used for properties on co-inductive types that cannot be defined inductively.
  • Example: infiniteness of LLists.

– Finiteness can be proven with a finite number of applications of Finite_LCons to a term obtained with Finite_LNil. An inductive predicate.
– Infiniteness cannot be proven this way: there is no base case, and a proof would need infinitely many constructor applications. It needs a co-inductive predicate.

SLIDE 6

Predicate for Infinite

This is a predicate that indicates that a LList is infinite. Note that it has no base case: a closed proof of Infinite l can only be a cofixpoint.

CoInductive Infinite (A:Set) : LList A -> Prop :=
  Infinite_LCons : forall (a:A) (l : LList A), Infinite l -> Infinite (LCons a l).

SLIDE 7

Infinite proofs

  • We want to prove that from n yields infinite lists for every natural number n.
  • We do this by building an inhabitant of the type forall n:nat, Infinite (from n).
  • For this, we need a co-recursive function F_from of which the proof we are after is a fixpoint.

We define

Definition F_from : (forall n:nat, Infinite (from n)) -> forall n:nat, Infinite (from n).
  intro H. intro n.
  rewrite (from_unfold n).
  split.
  apply H.
Defined.

F_from itself is an ordinary, non-recursive definition, so no guard condition is checked here. The guard condition is checked when we take its cofixpoint on the next slide; it is satisfied because the body uses H only under the constructor Infinite_LCons (introduced by split), never at the head of the proof term.

SLIDE 8

The cofix tactic

  • The cofix tactic automates much of the above:

Theorem from_Infinite_V0 : forall n:nat, Infinite (from n).
Proof (cofix H : forall n:nat, Infinite (from n) := F_from H).

  • To prove a property P, where P uses a co-inductive predicate, one constructs a term of the form cofix H : P := t.
  • Here, t has type P in the context extended with a hypothesis H : P.
  • The term is accepted only if it satisfies the guard condition: every use of H in t must sit under a constructor of the co-inductive predicate.
  • This can also be done without explicitly mentioning P.

Theorem from_Infinite_V1 : forall n:nat, Infinite (from n).
Proof.
  cofix H.
  apply (F_from H).
Qed.

SLIDE 9

And we can use this tactic in an interactive way:

Theorem from_Infinite : forall n:nat, Infinite (from n).
Proof.
  cofix H.
  intro n.
  rewrite (from_unfold n).
  apply Infinite_LCons.
  apply H.
Qed.
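The following file is an added example, not part of the slides or of Coq'Art. It puts the guard condition of slide 4 and the cofix proof style of slides 7–9 to work on a second corecursive function: a map over LLists. The names LMap, LTail, bad_from, LList_decompose, LList_decompose_lemma, LMap_unfold and LMap_Infinite are this example's own; LList_decompose plays the role of the unfolding lemma behind Coq'Art's LList_unfold tactic, which is not reproduced here. It assumes Coq 8.x (the Arguments and Fail vernaculars).

```coq
Set Implicit Arguments.

CoInductive LList (A:Set) : Set :=
  LNil : LList A
| LCons : A -> LList A -> LList A.
Arguments LNil {A}.

CoInductive Infinite (A:Set) : LList A -> Prop :=
  Infinite_LCons : forall (a:A) (l:LList A), Infinite l -> Infinite (LCons a l).

(* Accepted: the single corecursive call is an argument of the constructor
   LCons, so the guard condition holds. *)
CoFixpoint LMap (A B:Set) (f:A -> B) (l:LList A) : LList B :=
  match l with
  | LNil => LNil
  | LCons a l' => LCons (f a) (LMap f l')
  end.

(* An ordinary function on LLists: it drops the first element, if any. *)
Definition LTail (A:Set) (l:LList A) : LList A :=
  match l with
  | LNil => LNil
  | LCons _ l' => l'
  end.

(* Rejected: the corecursive call is wrapped in LTail instead of being passed
   to LCons directly.  After unfolding LTail the call is the scrutinee of a
   match, which the guard condition forbids; indeed the tail of bad_from n would
   never produce a constructor.  Fail turns the error into a message so that the
   rest of the file still compiles. *)
Fail CoFixpoint bad_from (n:nat) : LList nat :=
  LCons n (LTail (bad_from (S n))).

(* Unfolding lemma for LMap, built the same way as from_unfold on slide 3: a
   cofixpoint only reduces under a match, so we match on it exactly once. *)
Definition LList_decompose (A:Set) (l:LList A) : LList A :=
  match l with
  | LNil => LNil
  | LCons a l' => LCons a l'
  end.

Lemma LList_decompose_lemma : forall (A:Set) (l:LList A), l = LList_decompose l.
Proof. intros A l; destruct l; reflexivity. Qed.

Lemma LMap_unfold : forall (A B:Set) (f:A -> B) (a:A) (l:LList A),
  LMap f (LCons a l) = LCons (f a) (LMap f l).
Proof.
  intros A B f a l.
  rewrite (LList_decompose_lemma (LMap f (LCons a l))).
  reflexivity.
Qed.

(* LMap preserves infiniteness.  As on slide 9 the proof is a cofix whose
   hypothesis H is used only under Infinite_LCons, so Qed accepts it. *)
Lemma LMap_Infinite : forall (A B:Set) (f:A -> B) (l:LList A),
  Infinite l -> Infinite (LMap f l).
Proof.
  intros A B f; cofix H; intros l Hl.
  destruct Hl as [a l' Hl'].    (* l is LCons a l', with Hl' : Infinite l' *)
  rewrite LMap_unfold.          (* goal: Infinite (LCons (f a) (LMap f l')) *)
  apply Infinite_LCons.         (* goal: Infinite (LMap f l') *)
  apply H; exact Hl'.           (* guarded: H sits under Infinite_LCons *)
Qed.
```

Compile with coqc; the Fail line reports the ill-formed recursive definition and continues, so the whole file checks. The two things worth noticing are that the guard checker refuses bad_from without any appeal to what LTail computes, and that in LMap_Infinite it is the destruct on the Infinite hypothesis that exposes a constructor for LMap_unfold to fire on; only after that does apply Infinite_LCons put the cofix hypothesis H in a guarded position.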

SLIDE 10

Guard condition violation

Lemma from_Infinite_buggy : forall n:nat, Infinite (from n).
Proof.
  cofix H.
  auto with llists.

Proof completed.

Qed.

Error: Recursive definition of "H" is ill-formed.
In environment
H : forall n:nat, Infinite (from n)
unguarded recursive call in "H"

The hypothesis H has exactly the type of the goal, so auto closes the goal by applying H directly. The resulting proof term is cofix H := H, which is circular. The guard condition is only checked at Qed, so the tactic step succeeds and the failure only shows up when the proof is saved.

SLIDE 11

The Guarded tactic

Check for guard violations after using an auto command:

Lemma from_Infinite_buggy : ..
Proof.
  cofix H.
  auto with llists.
  Guarded.

Error: Recursive definition of "H" is ill-formed.

Undo.
intro n; rewrite (from_unfold n).
split; auto.
Guarded.

The condition holds up to here: H is now used only as the argument of Infinite_LCons, which split introduced.

Qed.

SLIDE 12

LNil is not infinite

Theorem LNil_not_Infinite : forall (A:Set), ~Infinite (LNil (A:=A)).
Proof.
  intros A H.
  inversion H.
Qed.

No constructor of Infinite has LNil as its index, so inversion on H : Infinite LNil leaves no cases and closes the goal. No cofix is needed: this is an ordinary (negative) proof about a co-inductive predicate.

SLIDE 13

Infiniteness of repeat

  • We prove that repeat a yields an infinite LList A for any a of type A.
  • For this, we need an auxiliary lemma

Lemma repeat_unfold : forall A:Set, forall a:A, repeat a = LCons a (repeat a).
Proof.
  intro A. intro a.
  LList_unfold (repeat a).
  simpl.
  reflexivity.
Qed.

SLIDE 14

We can use this lemma to prove the following theorem

Lemma repeat_infinite : forall (A:Set) (a:A), Infinite (repeat a).
Proof.
  intro A.
  cofix a.
  intro b.

The proof state at this moment is

A : Set
a : forall a : A, Infinite (repeat a)
b : A
============================
Infinite (repeat b)

(The cofix hypothesis is named a, the same name as the bound variable in the statement, so the element introduced next had to be called b. Naming the hypothesis H, as on the earlier slides, avoids the confusion.)

SLIDE 15

We finish this by

  rewrite (repeat_unfold b).
  apply Infinite_LCons.
  apply a.
Qed.

SLIDE 16

Bisimilarity

Weaker form of equality: two things are the same if they look/behave the same. For LLists: two LList As are bisimilar if both are LNil, or if the first elements of each LList A are equal and the tails are bisimilar again:

CoInductive bisimilar (A:Set) : LList A -> LList A -> Prop :=
| bisim_LNil : bisimilar LNil LNil
| bisim_LCons : forall (a:A)(l l' : LList A),
    bisimilar l l' -> bisimilar (LCons a l) (LCons a l').

This is the appropriate notion of equality for co-inductive data: two LLists built by different cofixpoints that unfold to the same elements forever are bisimilar, but in general they cannot be proven equal with Leibniz equality =, since a cofixpoint only unfolds under a match and there is no extensionality principle for co-inductive types.

SLIDE 17

bisimilar is an equivalence relation

We end by showing that bisimilar is an equivalence relation. We use the built-in definitions from the Relations library:

Theorem bisimilar_equiv : forall (A:Set), equiv (LList A) (bisimilar (A:=A)).

We prove this theorem by introducing three lemmas, which claim that bisimilar as a relation is reflexive, symmetric and transitive. Each of the three is itself a co-inductive proof by cofix, since bisimilarity of two infinite lists cannot be established by induction. See accompanying Coq file.
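As an added example, and not the authors' accompanying Coq file, here is one way to carry out the three lemmas and assemble bisimilar_equiv. The definitions from slides 2 and 16 are restated so that the file compiles on its own. The lemma names bisimilar_refl, bisimilar_sym and bisimilar_trans are this example's own; reflexive, symmetric, transitive and equiv come from the Relations library, where equiv is the conjunction reflexive /\ transitive /\ symmetric in that order. It assumes Coq 8.x.

```coq
Require Import Relations.
Set Implicit Arguments.

CoInductive LList (A:Set) : Set :=
  LNil : LList A
| LCons : A -> LList A -> LList A.
Arguments LNil {A}.

CoInductive bisimilar (A:Set) : LList A -> LList A -> Prop :=
| bisim_LNil : bisimilar LNil LNil
| bisim_LCons : forall (a:A) (l l' : LList A),
    bisimilar l l' -> bisimilar (LCons a l) (LCons a l').

(* Reflexivity: case analysis on the list, then the cofix hypothesis H is
   applied only under bisim_LCons, so the guard condition holds. *)
Lemma bisimilar_refl : forall (A:Set), reflexive (LList A) (bisimilar (A:=A)).
Proof.
  intro A; unfold reflexive; cofix H; intro l.
  destruct l as [| a l'].
  - apply bisim_LNil.
  - apply bisim_LCons; apply H.
Qed.

(* Symmetry: case analysis on the bisimilarity proof itself.  Both indices are
   variables, so destruct replaces them in the goal directly. *)
Lemma bisimilar_sym : forall (A:Set), symmetric (LList A) (bisimilar (A:=A)).
Proof.
  intro A; unfold symmetric; cofix H; intros l l' Hb.
  destruct Hb as [| a l1 l2 Hb'].
  - apply bisim_LNil.
  - apply bisim_LCons; apply H; exact Hb'.
Qed.

(* Transitivity: destruct the first proof; in the LCons case the second proof
   now has a constructor-headed index, so inversion is used to expose its tail. *)
Lemma bisimilar_trans : forall (A:Set), transitive (LList A) (bisimilar (A:=A)).
Proof.
  intro A; unfold transitive; cofix H; intros l1 l2 l3 H12 H23.
  destruct H12 as [| a l1' l2' H12'].
  - (* l1 and l2 are both LNil, so the goal is exactly H23 *)
    exact H23.
  - (* l2 = LCons a l2', hence l3 = LCons a l3' for some bisimilar tail l3' *)
    inversion H23; subst.
    apply bisim_LCons; apply (H l1' l2'); assumption.
Qed.

Theorem bisimilar_equiv : forall (A:Set), equiv (LList A) (bisimilar (A:=A)).
Proof.
  intro A; unfold equiv.
  split; [ apply bisimilar_refl | split; [ apply bisimilar_trans | apply bisimilar_sym ] ].
Qed.
```

In all three lemmas the pattern is the one from slide 9: unfold the relation so that cofix H gets the concrete statement, take the hypotheses apart until a constructor of bisimilar can be applied, and only then call H. Running Guarded after each apply bisim_LCons shows the condition holding at every step.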