I'm learning Coq and the book I'm learning from, (CPDT) makes heavy use of auto in proofs.
Since I'm learning I think it might be helpful for me to see exactly what auto is doing under the hood (the less magic early on the better). Is there any way to force it to display exactly what tactics or techniques it's using to compute the proof?
If not, is there a place which details exactly what auto does?
There are multiple ways to get a glance at what is going on under the hood.
TLDR: Put info before your tactic, or use Show Proof. before and after calling the tactic and spot the differences.
To see what a particular tactic invocation has been doing, you can prefix is with info, so as to show the particular proof steps it has taken.
(This might be broken with Coq 8.4, I see that they provide info_ versions of some tactics, read the error message if you need to.)
This is probably what you want at a beginner level, it can already be quite terse.
Another way to see what is currently going on within a proof is to use the command Show Proof.. It will show you the currently built term with holes, and show you which hole each of your current goals is supposed to fill.
This is probably more advanced, especially if you use tactic such as induction or inversion, as the term being built is going to be fairly involved, and will require you to understand the underlying nature of induction schemes or dependent pattern-matching (which CPDT should teach you soon enough).
Once you have finished a proof with Qed. (or Defined.), you can also ask to look at the term that was built by using Print term. where term is the name of the theorem/term.
This will often be a big and ugly term, and it needs some training to be able to read these for involved terms. In particular, if the term has been built via the use of powerful tactics (such as omega, crush, etc.), it is probably going to be unreadable. You'd basically only use that to scan at some particular place of the term you're interested in. If it's more than 10 lines long, don't even bother reading it in such a crude format! :)
With all of the previous, you can use Set Printing All. beforehand, so that Coq prints the unfolded, explicit versions of everything. It is additionally verbose but can help when you wonder what the values of implicit parameters are.
These are all the ones I can think of on the top of my head, there might be more though.
As for what a tactic does, the usual best answer is found in the documentation:
http://coq.inria.fr/distrib/V8.4/refman/Reference-Manual011.html##tactic155
Basically, auto tries to use all the hints provided (depending on the database you use), and to solve your goal combining them up to some depth (that you can specify). By default, the database is core and the depth is 5.
More info on that can be found here:
http://coq.inria.fr/distrib/V8.4/refman/Reference-Manual011.html#Hints-databases
Related
This question is based on my question https://cs.stackexchange.com/questions/96533/how-to-transform-lambda-function-to-multi-argument-lambda-function-and-how-to-re There are two functions and two terms in that question:
Functions:
is: (e->t)->(e->t)
IS: e->(e->t)->t
Terms:
(is(boss))(John): t
IS(John, boss): t
My question is this: how to rewrite terms involving is with terms that have only IS? Does Coq (or third party tools) has such rewriting facilities? Does Coq have facilities to check the equality of rewrittern terms?
Maybe such rewriting can be done outside the Coq world, maybe there are other purely lambda calculus tools with syntactic manipulation only?
There is no tool that performs the kind of textual transformation of Coq code you are describing directly. Without knowing much about GrammaticalFramework, I imagine that your best bet would be to write a Sed script that looks for occurrences of is applied to arguments and replaced those occurrences by equivalent expressions with IS.
The second “IS“ form can be more easily converted to is-boss predicate, that is why I am striving to arrive at it.
I think that if you used a Sed script you could just as easily go to the IS_BOSS form directly, without using IS.
What's the best approach to do interactive theorem proving in Coq without specifying a Theorem definition first? I'd like to state some initial assumptions and definitions, and then interactively explore transformations to see if I can prove any interesting theorems without knowing them ahead of time. I'd like Coq to help me keep track of the transformed assumptions and check that my rewrites are valid, like when proving explicit theorems in interactive mode. Does Coq have support for this use case?
One convenient method is to use the Variable/Hypothesis commands (they do the same thing) to add assumptions and introduce example objects (eg, Variable n:nat. introduces a nat you can now work with). Then to get into theorem proving mode what I do occasionally is Goal False. to start proving False, just to make sure I don't accidentally prove the theorem. You can also assert and admit things to get additional assumptions without restarting the proof.
I have gone through the Software Foundations series and have good understanding of Coq basics. But, proofs of anything non-trivial become too long and tedious.
What are strategies to write manageable large Coq proofs for someone familiar with basics?
This is an important question, but unfortunately too broad to have a satisfactory, overarching answer; in a sense, it is akin to wondering what the best strategy is for writing large, complex programs in your favorite programming language (but much worse, given that proof-assistant technology is not nearly as mature as conventional languages).
The most best advice that I can give is: don't try to brute force a proof. If you think something is becoming too complex, stop, step back, and think if there is any change in the code that would simplify your life. Maybe your definitions are not stated quite right; maybe you need some automation; or maybe the statement of your theorem is too complicated -- or, even worse, plainly false! However, the only way to know how to proceed is with a concrete, specific example in hand that is giving you headaches. Once you have one, we would be happy to help you.
Certified Programming with Dependent Types (CPDT for short) is a good introduction often recommended along with or in place of Software Foundations. It places a strong focus on short and automated proofs, and is a good introduction to learning tactic automation.
I have a screenshot from my textbook here (Sudkamp, 3e), and I am trying to understand how macros are used with the Turing Machine. I am having a hard time grasping it, especially since I have never learned about macros before. If anyone can help with an explanation here, I would really appreciate it.
The only thing I really understand is that the CPY just copies the input, and then there ends up being 3 n’s. Otherwise, I don't really get how to come to that conclusion. I can try to be more specific if I am being too vague, let me know.
For the specific problem: yes, via CPY you get three times n. For computing f(n) = 3n the machine then computes n+n+n = 3n via the addition A.
About macros in general: they do not really work in the way suggested by the diagram. You cannot just put a machine for copying in a "place" in the computation of another machine. Adaptions for alphabet, start state etc. are necessary. The problem is that with TMs programs become very big, many states transition etc. and unreadable. So we suppose that these little adaptions can be done in principle. Now we do not specify complex machines in detail anymore, but use such macros for tasks that have been shown to be computable by a TM (like copying and adding). The resulting description is more understandable. A bit like a higher-level programming language, where you can use complex constructs and data structures without caring about their assembler implementation.
In the previous version of Coq using symbol # in refine command allows me to create a prove step-by-step. (Each argument was a separate goal.)
I want to avoid implicit arguments like "?Goal0 ?Goal1". And now I can not.
What should I do obtain such possibility?
(It is very uncomfortable to me especially when I trying to deal with recursive functions.)
You are looking for simple refine.
In 8.5, goals that can be solved by unification (what you call implicit) are put in the "shelve" a hidden area, as they are considered trivial. You can unshelve them with Unshelve but it is a bit incovenient as it is a vernacular command.
simple refine behaves as 8.4 and doesn't put anything in the shelve.