Hencethedistinctionbetween[bool]and[Prop].Programsoftype[bool]arecomputationalbyconstruction;wecanalwaysrunthemtodeterminetheirresults.Many[Prop]sareundecidable,andsowecanwritemoreexpressiveformulaswith[Prop]sthanwith[bool]s,buttheinevitableconsequenceisthatwecannotsimply%``%#"#run a [Prop] to determine its truth.#"#%''%
Hencethedistinctionbetween[bool]and[Prop].Programsoftype[bool]arecomputationalbyconstruction;wecanalwaysrunthemtodeterminetheirresults.Many[Prop]sareundecidable,andsowecanwritemoreexpressiveformulaswith[Prop]sthanwith[bool]s,buttheinevitableconsequenceisthatwecannotsimply"run a [Prop] to determine its truth."
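Review bot: the replacement line ending in `"run a [Prop] to determine its truth."` drops the `%``%` and `%''%` LaTeX escapes along with the `#"#` HTML ones, so the PDF build no longer gets explicit opening and closing quotes and instead depends on how a bare `"` is typeset. Please check the LaTeX output for this sentence; if the quotes regress there, keep the LaTeX-only escapes and remove just the `#"#` pair.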
@@ -364,7 +368,7 @@ We will see more about Coq's program extraction facility in a later chapter. Ho
...
@@ -364,7 +368,7 @@ We will see more about Coq's program extraction facility in a later chapter. Ho
(***First-OrderLogic*)
(***First-OrderLogic*)
(**The%\index{Gallinaterms!forall}%[forall]connectiveoffirst-orderlogic,whichwehaveseeninmanyexamplessofar,isbuiltintoCoq.Gettingaheadofourselvesabit,wecanseeitasthedependentfunctiontypeconstructor.Infact,implicationanduniversalquantificationarejustdifferentsyntacticshorthandsforthesameCoqmechanism.Aformula[P->Q]isequivalentto[forallx:P,Q],where[x]doesnotappearin[Q].Thatis,the%``%#"#real#"#%''%typeoftheimplicationsays%``%#"#for every proof of [P], there exists a proof of [Q].#"#%''%
(**The%\index{Gallinaterms!forall}%[forall]connectiveoffirst-orderlogic,whichwehaveseeninmanyexamplessofar,isbuiltintoCoq.Gettingaheadofourselvesabit,wecanseeitasthedependentfunctiontypeconstructor.Infact,implicationanduniversalquantificationarejustdifferentsyntacticshorthandsforthesameCoqmechanism.Aformula[P->Q]isequivalentto[forallx:P,Q],where[x]doesnotappearin[Q].Thatis,the"real"typeoftheimplicationsays"for every proof of [P], there exists a proof of [Q]."
WhydoesCoqusethisrestriction?Wewilldiscusstheissueindetailinafuturechapter,whenweseethedependentlytypedprogrammingtechniquesthatwouldallowustowritethisprooftermmanually.Fornow,wejustsaythatthealgorithmicproblemof%``%#"#logically complete case analysis#"#%''%isundecidablewhenphrasedinCoq'slogic.Afewtacticsanddesignpatternsthatwewillpresentinthischaptersufficeinalmostallcases.Forthecurrentexample,whatwewantisatacticcalled%\index{tactics!inversion}%[inversion],whichcorrespondstotheconceptofinversionthatisfrequentlyusedwithnaturaldeductionproofsystems.*)
WhydoesCoqusethisrestriction?Wewilldiscusstheissueindetailinafuturechapter,whenweseethedependentlytypedprogrammingtechniquesthatwouldallowustowritethisprooftermmanually.Fornow,wejustsaythatthealgorithmicproblemof"logically complete case analysis"isundecidablewhenphrasedinCoq'slogic.Afewtacticsanddesignpatternsthatwewillpresentinthischaptersufficeinalmostallcases.Forthecurrentexample,whatwewantisatacticcalled%\index{tactics!inversion}%[inversion],whichcorrespondstotheconceptofinversionthatisfrequentlyusedwithnaturaldeductionproofsystems.*)
Undo.
Undo.
inversion1.
inversion1.
...
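Review bot: the bare `"` characters added in the `[forall]` paragraph (around `real` and `for every proof of [P], there exists a proof of [Q].`) and in the `inversion` paragraph (around `logically complete case analysis`) now sit directly inside `(** ... *)` comments, where Coq still lexes string literals, so an unpaired quote would hide the closing `*)` and swallow the script after it (`Undo.` and the `inversion` call). Each changed line has an even number of quotes as shown, so this is fine today; I would confirm the file still compiles after the change and mention the pairing requirement in the commit message so later edits to these phrases keep the quotes balanced.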
@@ -684,7 +688,7 @@ Theorem even_plus : forall n m, even n -> even m -> even (n + m).
...
@@ -684,7 +688,7 @@ Theorem even_plus : forall n m, even n -> even m -> even (n + m).