This document discusses the Coq proof assistant. It provides examples of defining concepts like booleans, natural numbers, and functions in Coq. It demonstrates tactics for proving properties like De Morgan's laws. It also shows how to define recursive functions over natural numbers like addition and equality testing. The document aims to introduce basic concepts and usage of the Coq system through examples.
This week, Luke Pearson (Polychain Capital) and Joshua Fitzgerald (Anoma) present their work on Plonkup, a protocol that combines Plookup and PLONK into a single, efficient protocol. The protocol relies on a new hash function, called Reinforced Concrete, written by Dmitry Khovratovich. The three of them will present their work together at this week's edition of zkStudyClub!
Slides:
---
To Follow the Zero Knowledge Podcast us at https://www.zeroknowledge.fm
To the listeners of Zero Knowledge Podcast, if you like what we do:
- Follow us on Twitter - @zeroknowledgefm
- Join us on Telegram - https://t.me/joinchat/TORo7aknkYNLHmCM
- Support our Gitcoin Grant - https://gitcoin.co/grants/329/zero-knowledge-podcast-2
- Support us on Patreon - https://www.patreon.com/zeroknowledge
ZK Study Club: Sumcheck Arguments and Their ApplicationsAlex Pruden
Talk given at the ZK Study Club by Jonathan Bootle and Katerina Sotiraki about the universality of sumcheck arguments and their importance in zero-knowledge cryptography.
zkStudy Club: Subquadratic SNARGs in the Random Oracle ModelAlex Pruden
Slides for Eylon Yogev's (Bar-Ilan University) presentation at ZKStudyClub, covering his new work (co-authored w/ Alessandro Chiesa of UC Berkeley) about SNARGs in the random oracle model of sub- quadratic complexity.
Link to the original paper: https://eprint.iacr.org/2021/281.pdf
This week, Luke Pearson (Polychain Capital) and Joshua Fitzgerald (Anoma) present their work on Plonkup, a protocol that combines Plookup and PLONK into a single, efficient protocol. The protocol relies on a new hash function, called Reinforced Concrete, written by Dmitry Khovratovich. The three of them will present their work together at this week's edition of zkStudyClub!
Slides:
---
To Follow the Zero Knowledge Podcast us at https://www.zeroknowledge.fm
To the listeners of Zero Knowledge Podcast, if you like what we do:
- Follow us on Twitter - @zeroknowledgefm
- Join us on Telegram - https://t.me/joinchat/TORo7aknkYNLHmCM
- Support our Gitcoin Grant - https://gitcoin.co/grants/329/zero-knowledge-podcast-2
- Support us on Patreon - https://www.patreon.com/zeroknowledge
ZK Study Club: Sumcheck Arguments and Their ApplicationsAlex Pruden
Talk given at the ZK Study Club by Jonathan Bootle and Katerina Sotiraki about the universality of sumcheck arguments and their importance in zero-knowledge cryptography.
zkStudy Club: Subquadratic SNARGs in the Random Oracle ModelAlex Pruden
Slides for Eylon Yogev's (Bar-Ilan University) presentation at ZKStudyClub, covering his new work (co-authored w/ Alessandro Chiesa of UC Berkeley) about SNARGs in the random oracle model of sub- quadratic complexity.
Link to the original paper: https://eprint.iacr.org/2021/281.pdf
Next Generation Indexes For Big Data Engineering (ODSC East 2018)Daniel Lemire
Maximizing performance in data engineering is a daunting challenge. We present some of our work on designing faster indexes, with a particular emphasis on compressed indexes. Some of our prior work includes (1) Roaring indexes which are part of multiple big-data systems such as Spark, Hive, Druid, Atlas, Pinot, Kylin, (2) EWAH indexes are part of Git (GitHub) and included in major Linux distributions.
We will present ongoing and future work on how we can process data faster while supporting the diverse systems found in the cloud (with upcoming ARM processors) and under multiple programming languages (e.g., Java, C++, Go, Python). We seek to minimize shared resources (e.g., RAM) while exploiting algorithms designed for the single-instruction-multiple-data (SIMD) instructions available on commodity processors. Our end goal is to process billions of records per second per core.
The talk will be aimed at programmers who want to better understand the performance characteristics of current big-data systems as well as their evolution. The following specific topics will be addressed:
1. The various types of indexes and their performance characteristics and trade-offs: hashing, sorted arrays, bitsets and so forth.
2. Index and table compression techniques: binary packing, patched coding, dictionary coding, frame-of-reference.
Também conhecido como o “Time Lock Puzzle”, o LCS35 é um desafio em forma de criptografia projetado em 1999 pelo pesquisador Ron Rivest, do Instituto de Tecnologia de Massachusetts (MIT). Quando este problema matemático for resolvido, uma cápsula do tempo de chumbo será aberta no MIT.
O puzzle envolve a divisão de um número incrivelmente enorme, por um número que é apenas um pouco menor que o da conta (mas ainda com mais de 600 dígitos).
Ninguém sabe o que está dentro da capsula e, segundo os dados de Rivest, estima-se que levaria cerca de 35 anos para que o enigma seja resolvido. Os interessados ainda terão de esperar para descobrir o que de fato tem na capsula.
Contemporary computing hardware offers massive new performance opportunities. Yet high-performance programming remains a daunting challenge.
We present some of the lessons learned while designing faster indexes, with a particular emphasis on compressed bitmap indexes. Compressed bitmap indexes accelerate queries in popular systems such as Apache Spark, Git, Elastic, Druid and Apache Kylin.
A three-part presentation on the Swift programming language:
• An introduction to Swift for Objective-C developers
• Changes in Swift 2
• What's coming in Swift 2.2 & 3.0
Presentation on Roaring bitmaps for the Go Montreal meetup (Go 10th anniversary).
Roaring bitmaps are a standard indexing data structure. They are
widely used in search and database engines. For example, Lucene, the
search engine powering Wikipedia relies on Roaring. The Go library
roaring implements Roaring bitmaps in Go. It is used in several
popular systems such as InfluxDB, Pilosa and Bleve. This library is
used in production in several systems, it is part of the Awesome Go
collection. After presenting the library, we will cover some advanced
Go topics such as the use of assembly language, unsafe mappings, and
so forth.
This presentation deals with RealmDB, which is a convenient replacement for SQLite & Core Data in mobile development.
Presentation by Anton Minashkin (Software Engineer, GlobalLogic, Lviv), delivered at Mobile TechTalk Lviv on April 28, 2015.
More details - http://globallogic.com.ua/mobile-techtalk-lviv-2015-report
Dart, le nouveau langage Web de Google présenté au public en octobre 2011 a pour objectif de proposer une alternative au JavaScript.
Bien que la version finale ne soit pas encore disponible (pour cela il faudra attendre cet été), Dart est utilisable dès aujourd'hui.
Au cours de cette présentation sont introduits les éléments suivants :
- comment Dart permet de développer des applications clientes aussi bien que serveurs,
- le langage,
- les outils permettant un développement industrialisé et une productivité accrue.
This presentation helps discover some of the specific features of Java 8, (in particular, atomics and parallelism) and start using them effectively.
This presentation by Maksym Voronyi (Software Engineer, GlobalLogic) was delivered at Java.io 3.0 conference in Kharkiv on March 24, 2016, and GlobalLogic Mykolaiv Java Conference on June 11, 2016.
Lambda functions in C++ are unnamed functions contained typically within other functions and examples of their usage includes but is not limited to:
a) Specializing the behavior of an algorithm
b) Encapsulating complex expressions within a function
c) Creating callbacks to be passed onto other functions
Their syntax may look exotic, but once you get accustomed to them they can increase the readability of your software and prove to be particularly useful.
In this workshop we will learn about their syntax and demonstrate multiple real-world examples of their usage.
Next Generation Indexes For Big Data Engineering (ODSC East 2018)Daniel Lemire
Maximizing performance in data engineering is a daunting challenge. We present some of our work on designing faster indexes, with a particular emphasis on compressed indexes. Some of our prior work includes (1) Roaring indexes which are part of multiple big-data systems such as Spark, Hive, Druid, Atlas, Pinot, Kylin, (2) EWAH indexes are part of Git (GitHub) and included in major Linux distributions.
We will present ongoing and future work on how we can process data faster while supporting the diverse systems found in the cloud (with upcoming ARM processors) and under multiple programming languages (e.g., Java, C++, Go, Python). We seek to minimize shared resources (e.g., RAM) while exploiting algorithms designed for the single-instruction-multiple-data (SIMD) instructions available on commodity processors. Our end goal is to process billions of records per second per core.
The talk will be aimed at programmers who want to better understand the performance characteristics of current big-data systems as well as their evolution. The following specific topics will be addressed:
1. The various types of indexes and their performance characteristics and trade-offs: hashing, sorted arrays, bitsets and so forth.
2. Index and table compression techniques: binary packing, patched coding, dictionary coding, frame-of-reference.
Também conhecido como o “Time Lock Puzzle”, o LCS35 é um desafio em forma de criptografia projetado em 1999 pelo pesquisador Ron Rivest, do Instituto de Tecnologia de Massachusetts (MIT). Quando este problema matemático for resolvido, uma cápsula do tempo de chumbo será aberta no MIT.
O puzzle envolve a divisão de um número incrivelmente enorme, por um número que é apenas um pouco menor que o da conta (mas ainda com mais de 600 dígitos).
Ninguém sabe o que está dentro da capsula e, segundo os dados de Rivest, estima-se que levaria cerca de 35 anos para que o enigma seja resolvido. Os interessados ainda terão de esperar para descobrir o que de fato tem na capsula.
Contemporary computing hardware offers massive new performance opportunities. Yet high-performance programming remains a daunting challenge.
We present some of the lessons learned while designing faster indexes, with a particular emphasis on compressed bitmap indexes. Compressed bitmap indexes accelerate queries in popular systems such as Apache Spark, Git, Elastic, Druid and Apache Kylin.
A three-part presentation on the Swift programming language:
• An introduction to Swift for Objective-C developers
• Changes in Swift 2
• What's coming in Swift 2.2 & 3.0
Presentation on Roaring bitmaps for the Go Montreal meetup (Go 10th anniversary).
Roaring bitmaps are a standard indexing data structure. They are
widely used in search and database engines. For example, Lucene, the
search engine powering Wikipedia relies on Roaring. The Go library
roaring implements Roaring bitmaps in Go. It is used in several
popular systems such as InfluxDB, Pilosa and Bleve. This library is
used in production in several systems, it is part of the Awesome Go
collection. After presenting the library, we will cover some advanced
Go topics such as the use of assembly language, unsafe mappings, and
so forth.
This presentation deals with RealmDB, which is a convenient replacement for SQLite & Core Data in mobile development.
Presentation by Anton Minashkin (Software Engineer, GlobalLogic, Lviv), delivered at Mobile TechTalk Lviv on April 28, 2015.
More details - http://globallogic.com.ua/mobile-techtalk-lviv-2015-report
Dart, le nouveau langage Web de Google présenté au public en octobre 2011 a pour objectif de proposer une alternative au JavaScript.
Bien que la version finale ne soit pas encore disponible (pour cela il faudra attendre cet été), Dart est utilisable dès aujourd'hui.
Au cours de cette présentation sont introduits les éléments suivants :
- comment Dart permet de développer des applications clientes aussi bien que serveurs,
- le langage,
- les outils permettant un développement industrialisé et une productivité accrue.
This presentation helps discover some of the specific features of Java 8, (in particular, atomics and parallelism) and start using them effectively.
This presentation by Maksym Voronyi (Software Engineer, GlobalLogic) was delivered at Java.io 3.0 conference in Kharkiv on March 24, 2016, and GlobalLogic Mykolaiv Java Conference on June 11, 2016.
Lambda functions in C++ are unnamed functions contained typically within other functions and examples of their usage includes but is not limited to:
a) Specializing the behavior of an algorithm
b) Encapsulating complex expressions within a function
c) Creating callbacks to be passed onto other functions
Their syntax may look exotic, but once you get accustomed to them they can increase the readability of your software and prove to be particularly useful.
In this workshop we will learn about their syntax and demonstrate multiple real-world examples of their usage.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
6. 2. Coq
Proof General : emacs
Proof General ~/.emacs
(load-file "***/ProofGeneral/generic/proof-site.el")
proof-site.el
Coq (*.v) Proof General
@tmiya : Coq , 6
7. 3. Coq
Coq < Definition x := 1. (* x *)
x is defined (* := *)
Coq < Check x. (* x *)
x
: nat (* nat = *)
Coq < Print x. (* x *)
x = 1
: nat
Coq < Definition x := 2. (* x *)
Error: x already exists (* --> *)
Reset x.
Module ( )
@tmiya : Coq , 7
8. 3. Coq
1 2
Coq < Definition f x y := x - y. (* f *)
f is defined
Coq < Check f.
f
: nat -> nat -> nat (* nat->(nat->nat) *)
Coq < Definition f’ := f 3. (* f’ y = f 3 y *)
f’ is defined
Coq < Check f’.
f’
: nat -> nat (* nat nat *)
Coq < Eval compute in (f’ 1). (* f’ 1 = f 3 1 = 2 *)
= 2
: nat
(
@tmiya : Coq , 8
9. 3. Coq
Coq < Check (fun x => 2 * x). (* *)
fun x : nat => 2 * x
: nat -> nat
Coq < Eval compute in ((fun x => 2 * x) 3).
= 6
: nat
Coq < Definition double := (fun x => 2 * x).
double is defined (* double *)
Coq .
@tmiya : Coq , 9
10. 3. Coq
Coq < Definition twice(f:nat->nat):nat->nat :=
Coq < fun x => f (f x).
twice is defined
Coq < Definition add5(x:nat) := x + 5.
add5 is defined
Coq < Definition twice_add5 := twice add5.
twice_add5 is defined
Coq < Eval compute in (twice_add5 2).
= 12
: nat
@tmiya : Coq , 10
11. 3.1.
int, float
Coq nat
( )
Weekday
Coq < Inductive Weekday : Set :=
Coq < Sun | Mon | Tue | Wed | Thr | Fri | Sat.
Coq < Check Sun.
Sun (* Sun *)
: Weekday (* Weekday *)
Coq < Check Weekday.
Weekday (* *)
: Set (* Set *)
Set
@tmiya : Coq , 11
12. 3.1.
(
)
Coq < Definition nextday d :=
Coq < match d with
Coq < | Sun => Mon
: (* *)
Coq < | Sat => Sun
Coq < end.
nextday is defined
Coq < Check nextday.
nextday (* *)
: Weekday -> Weekday
Coq < Eval compute in (nextday Mon).
(* *)
prevday
@tmiya : Coq , 12
13. 3.1.
Bool
Coq < Inductive Bool : Set :=
Coq < | tru : Bool
Coq < | fls : Bool.
Coq < Definition And(b1 b2:Bool):Bool :=
Coq < match b1,b2 with
Coq < | tru,tru => tru
Coq < | _,_ => fls
Coq < end.
Or, Not Eval
@tmiya : Coq , 13
15. 3.1.
De Morgan (1)
Coq < Theorem De_Morgan_1 : forall b1 b2,
Coq < Not (And b1 b2) = Or (Not b1) (Not b2).
1 subgoal
============================
forall b1 b2 : Bool,
Not (And b1 b2) = Or (Not b1) (Not b2)
De_Morgan_1 < intros.
1 subgoal (* b1 b2 *)
b1 : Bool
b2 : Bool
============================
Not (And b1 b2) = Or (Not b1) (Not b2)
@tmiya : Coq , 15
16. 3.1.
De Morgan (2)
De_Morgan_1 < destruct b1; destruct b2.
4 subgoals (* b1 b2 *)
============================
Not (And tru tru) = Or (Not tru) (Not tru)
subgoal 2 is:
Not (And tru fls) = Or (Not tru) (Not fls)
subgoal 3 is:
Not (And fls tru) = Or (Not fls) (Not tru)
subgoal 4 is:
Not (And fls fls) = Or (Not fls) (Not fls)
@tmiya : Coq , 16
17. 3.1.
De Morgan (3)
De_Morgan_1 < simpl.
4 subgoals (* *)
============================
fls = fls
(* *)
De_Morgan_1 < reflexivity.
3 subgoals (* = *)
============================
Not (And tru fls) = Or (Not tru) (Not fls)
subgoal 2 is:
Not (And fls tru) = Or (Not fls) (Not tru)
subgoal 3 is:
Not (And fls fls) = Or (Not fls) (Not fls)
@tmiya : Coq , 17
18. 3.1.
De Morgan (4)
De_Morgan_1 < simpl; reflexivity.
De_Morgan_1 < simpl; reflexivity.
De_Morgan_1 < simpl; reflexivity.
Proof completed.
De_Morgan_1 < Qed.
intros.
destruct b1; destruct b2.
simpl in |- *.
reflexivity.
simpl in |- *; reflexivity.
simpl in |- *; reflexivity.
simpl in |- *; reflexivity.
De_Morgan_1 is defined
Not (Or b1 b2) = And (Not b1) (Not b2)
@tmiya : Coq , 18
19. 3.1.
1. Yes, Maybe, No Bool3
2. Bool3 And3, Or3, Not3
3. ( ) De Morgan
@tmiya : Coq , 19
20. 3.2.
nat
nat ( )
Coq < Print nat.
Inductive nat : Set :=
O : nat
| S : nat -> nat
O( O) 0 S nat nat
Peano
Coq < Eval compute in (S (S (S O))).
= 3
: nat
S (S (S O)) Coq 3
@tmiya : Coq , 20
21. 3.2.
nat n
Coq < Fixpoint add(n m:nat):nat :=
Coq < match n with
Coq < | O => m
Coq < | S n’ => S (add n’ m)
Coq < end.
add is recursively defined (decreasing on 1st argument)
Fixpoint (
O) 0 S nat 1 nat
Peano
Coq < Eval compute in (add (S (S O)) (S O)).
= 3
: nat
(call-by-value)
@tmiya : Coq , 21
22. 3.2.
nat _,_
OK
Coq < Fixpoint eq_nat(n m:nat):bool :=
Coq < match n,m with
Coq < | O,O => true
Coq < | S n’, S m’ => eq_nat n’ m’
Coq < | _,_ => false
Coq < end.
Coq < Eval compute in (eq_nat 3 3).
le_nat le_nat n m n≤m
Coq
( )
@tmiya : Coq , 22
23. 3.2.
Coq ( )
n
({struct n} Coq )
Coq < Fixpoint add’(n m:nat){struct n} :=
Coq < match n with
Coq < | O => m
Coq < | S n’ => S (add’ n’ m)
Coq < end.
add’ is recursively defined (decreasing on 1st argument)
add’ 2 3 add’
add’ (S (S O)) 3
= S (add’ (S O) 3)
= S (S (add’ O 3)) = S (S 3) = 5.
@tmiya : Coq , 23
25. 3.2.
1. mul add
2. mul fact
3. sub n=0
sub 0 m = 0
4. div3 Eval
Fixpoint div3(n:nat) :=
match n with
| S (S (S n’)) => S (div3 n’)
| _ => O
end.
sub
div n m Coq
( )
@tmiya : Coq , 25
26. 3.3.
cond c vt vf c:bool true
vt false vf vt, vf Set A
Coq < Definition cond{A:Set}(c:bool)(vt vf:A) :=
Coq < match c with
Coq < | true => vt
Coq < | false => vf
Coq < end.
Coq < Eval compute in (cond true 2 3).
= 2 : nat
Coq < Eval compute in (cond false false true).
= true : bool
{A:Set} cond A
( )
Coq < Eval compute in (@cond nat false 2 3).
@tmiya : Coq , 26
27. 3.3.
option
( ) null
option (Haskell Maybe
) ( Coq
sumor )
Coq < Print option.
Inductive option (A : Type) : Type :=
Some : A -> option A
| None : option A
Definition option_map {A B:Type} (f:A->B)(o:option A) :=
match o with
| Some a => Some (f a)
| None => None
end.
Coq < Eval compute in (option_map (fun x => x + 1) (Some 1)).
@tmiya : Coq , 27
28. 3.3.
prod sum
prod A B A B
prod A B A * B ( x , y , .. , z )
(pair .. (pair x y) .. z)
Coq < Check (2,true,3).
(2, true, 3) : nat * bool * nat
prod fst, snd
sum A B A B
Coq < Definition test_sum (s:sum nat bool) :=
Coq < match s with
Coq < | inl n => n
Coq < | inr true => 1
Coq < | inr false => 0
Coq < end.
prod, sum Curry-Howard
@tmiya : Coq , 28
29. 3.3.
List
List List
:: cons
Type Set (Check Set.
)
Coq < Require Import List.
Coq < Print list.
Inductive list (A : Type) : Type :=
nil : list A
| cons : A -> list A -> list A
Coq < Check (1::2::nil).
1 :: 2 :: nil : list nat
@tmiya : Coq , 29
30. 3.3.
List
List List nil x::xs
Coq < Fixpoint append{A:Type}(xs ys:list A):=
Coq < match xs with
Coq < | nil => ys
Coq < | x::xs’ => x::(append xs’ ys)
Coq < end.
Coq < Eval compute in (append (1::2::nil) (3::4::nil)).
Coq < Fixpoint olast{A:Type}(xs:list A):option A :=
Coq < match xs with
Coq < | nil => None
Coq < | a::nil => Some a
Coq < | _::xs’ => olast xs’
Coq < end.
Coq < Eval compute in (olast (1::2::3::nil)).
@tmiya : Coq , 30
31. 3.3.
List
1. len{A:Type}(xs:list A):nat
Eval compute in (len (1::2::3::nil)).
2. list bool true true
all_true(xs:list bool):bool nil
true
3. x Some x
None ohead{A:Type}(xs:list A):option A
4. s, n s :: s+1 :: ... :: (s+n-1) :: nil
nat_list(s n:nat):list nat
5. reverse{A:Type}(xs:list A):list A
append
@tmiya : Coq , 31
32. 4.
Bool De Morgan
P Q ¬(P ∧ Q) ¬P ∨ ¬Q
F F T T
F T T T
T F T T
T T F F
Bool, nat Inductive
(nat O
S n )
Coq Prop
(
)
@tmiya : Coq , 32
33. 4.
P P ¬P
( )
ab a, b
√
√ √ 2
1. a = b = 2 a, b ab = 2
√ √2 √
2. ab √
a = √2 , b = 2
√
a, b
√ 2 √2 √ 2 2 √ 2
ab = ( 2 ) = 2 = 2 =2
√
√ 2
2 (P) (~P)
ab a, b
ab a, b
@tmiya : Coq , 33
34. 4.
( )
Modus Ponens
A A B
B (Γ = (
) )
Γ A Γ A → B (→ )
Γ B
( )→
Coq
B Hab : A → B apply Hab. tactic
A Ha : A
exact Ha.
@tmiya : Coq , 34
35. 4.
Coq tactic
tactic assumption.
exact H. trivial.
...
H : A
...
------------------------
A
exact .
A∈Γ
( )
Γ A
@tmiya : Coq , 35
36. 4.1. →
→
A → B (CUI A -> B )
A intro Ha. tactic
Ha : A B
Coq
...
Γ, A B
(→ )
Γ A→B
H1 → H2 → · · · → Hn → B intros H1 H2 ... Hn.
intro intro. intros.
Coq
→ Modus Ponens
tactic apply .
@tmiya : Coq , 36
37. 4.1. →
→ (1)
tactic
Set P Prop
P P P p : P
( Set, Prop
Type )
Section imp_sample.
Variables P Q R : Prop.
Theorem imp_sample : (P -> (Q -> R)) -> (P -> Q) -> P -> R.
1 subgoal
============================
(P -> Q -> R) -> (P -> Q) -> P -> R
=== tactic
→ intro(s)
@tmiya : Coq , 37
38. 4.1. →
→ (2)
→ intros tactic
intro(s)
imp_sample < intros pqr pq p.
1 subgoal
pqr : P -> Q -> R
pq : P -> Q
p : P
============================
R
R pqr
apply pqr.
@tmiya : Coq , 38
39. 4.1. →
→ (3)
R apply pqr. pqr
P -> Q -> P Q
imp_sample < apply pqr.
2 subgoals
pqr : P -> Q -> R
pq : P -> Q
p : P
============================
P
subgoal 2 is:
Q
P assumption.
@tmiya : Coq , 39
40. 4.1. →
→ (4)
P assumption. Q
imp_sample < assumption.
1 subgoal
pqr : P -> Q -> R
pq : P -> Q
p : P
============================
Q
Q
@tmiya : Coq , 40
41. 4.1. →
→ (5)
imp_sample < apply pq.
1 subgoal
pqr : P -> Q -> R
pq : P -> Q
p : P
============================
P
imp_sample < assumption.
Proof completed.
imp_sample < Qed.
Qed.
@tmiya : Coq , 41
42. 4.2. ∧
∧ (1)
P ∧Q P Q
pq : P / Q destruct pq as [p q].
tactic p : P q : Q
destruct pq. p,q Coq
P ∧Q P Q
P ∧Q split. tactic
P / Q P, Q
Coq < Variable P Q R:Prop.
Coq < Theorem and_assoc : (P/Q)/R -> P/(Q/R).
1 subgoal
============================
(P / Q) / R -> P / Q / R
@tmiya : Coq , 42
43. 4.2. ∧
∧ (2)
intro → ∧
and_assoc < intro pqr.
1 subgoal
pqr : (P / Q) / R
============================
P / Q / R
and_assoc < destruct pqr as [[p q] r].
1 subgoal
p : P
q : Q
r : R
============================
P / Q / R
@tmiya : Coq , 43
45. 4.3. ∨
∨ (1)
P ∨Q P Q
pq : P / Q
destruct pq as [pq].— tactic
p : P q : Q
destruct pq. p,q Coq
P ∨Q P Q
P ∨Q left. right. tactic
P Q
Coq < Variable P Q R:Prop.
Coq < Theorem or_assoc : (P/Q)/R -> P/(Q/R).
1 subgoal
============================
(P / Q) / R -> P / Q / R
@tmiya : Coq , 45
46. 4.3. ∨
∨ (2)
intro → ∨
and_assoc < intro pqr.
or_assoc < destruct pqr as [[p|q]|r].
3 subgoals
p : P
============================
P / Q / R
subgoal 2 is:
P / Q / R
subgoal 3 is:
P / Q / R
@tmiya : Coq , 46
47. 4.3. ∨
∨ (3)
assumption
or_assoc < left.
3 subgoals
p : P
============================
P
or_assoc < assumption.
2 subgoals
q : Q
============================
P / Q / R
or_assoc < right; left.
2 subgoals
q : Q
============================
Q
OK
@tmiya : Coq , 47
48. 4.4. ¬
¬ (1)
¬P P → False False
Inductive False : Prop :=
~P intro p. p : P
False
H : False elim H.
np : ~P elim np.
P
(¬¬P P ) (
)
@tmiya : Coq , 48
50. 4.4. ¬
¬ (3)
neg_sample < destruct H as [p np].
1 subgoal
p : P
np : ~ P
============================
False
neg_sample < elim np.
p : P
np : ~ P
============================
P
neg_sample < assumption.
Proof completed.
@tmiya : Coq , 50
51. 4.4. ¬
Variable A B C D:Prop.
Theorem ex4_1 : (A -> C) / (B -> D) / A / B -> C / D.
Theorem ex4_2 : ~~~A -> ~A.
Theorem ex4_3 : (A -> B) -> ~B -> ~A.
Theorem ex4_4 : ((((A -> B) -> A) -> A) -> B) -> B.
Theorem ex4_5 : ~~(A/~A).
@tmiya : Coq , 51
52. 5. Curry-Howard
Curry-Howard (1)
Theorem imp_sample’ : (P -> (Q -> R)) -> (P -> Q) -> P -> R.
imp_sample’ < intros pqr pq p.
imp_sample’ < Check pq.
pq
: P -> Q
imp_sample’ < Check (pq p).
pq p
: Q
pq P -> Q P
Q pq p
Q
@tmiya : Coq , 52
53. 5. Curry-Howard
Curry-Howard (2)
pqr, pq, p R
exact tactic
imp_sample’ < Check (pqr p (pq p)).
pqr p (pq p)
: R
imp_sample’ < exact (pqr p (pq p)).
Proof completed.
imp_sample Print
Coq < Print imp_sample.
imp_sample =
fun (pqr : P -> Q -> R) (pq : P -> Q) (p : P) => pqr p (pq p)
: (P -> Q -> R) -> (P -> Q) -> P -> R
@tmiya : Coq , 53
54. 5. Curry-Howard
Curry-Howard (3)
P P
P→Q P -> Q
Γ P ΓP→Q
(→ ) pq p
Γ Q
Γ, P Q
(→ ) pq (p:P):Q
Γ P→Q
P ∧Q prod { (P,Q)
inl P
P ∨Q sum
inr Q
Curry-Howard
Curry-Howard
=
Coq
@tmiya : Coq , 54
55. 5. Curry-Howard
Curry-Howard (4)
Coq ( )
Java
(P → Q → R) → (P → Q) → P → R
interface Fun<A,B> {
public B apply(A a);
}
public class P {}
public class Q {}
public class R {}
public class Proof {
public R imp_sample(Fun<P,Fun<Q,R>> pqr, Fun<P,Q> pq, P p) {
return pqr.apply(p).apply(pq.apply(p));
}
}
(Java prod sum
¬ Java
)
@tmiya : Coq , 55
56. 6.
a:A P a (∀a : A, P a) : forall (a:A), P a
a:A P a (∃a : A, P a) : exists (a:A), P a
Coq P a:A P a:Prop
A -> Prop
Coq
a:A P : A → Prop
Coq < Definition iszero(n:nat):Prop :=
Coq < match n with
Coq < | O => True
Coq < | _ => False
Coq < end.
iszero is defined
@tmiya : Coq , 56
57. 6.
∀ (1)
forall intro(s) forall x:X
x:X ->
Coq < Theorem sample_forall : forall (X:Type)(P Q:X->Prop)(x:X),
P x -> (forall y:X, Q y) -> (P x / Q x).
============================
forall (X : Type) (P Q : X -> Prop) (x : X),
P x -> (forall y : X, Q y) -> P x / Q x
sample_forall < intros X P Q x px Hqy.
X : Type
P : X -> Prop
Q : X -> Prop
x : X
px : P x
Hqy : forall y : X, Q y
============================
P x / Q x
@tmiya : Coq , 57
58. 6.
∀ (2)
forall y:X y X
sample_forall < split. (* P x Q x *)
sample_forall < assumption. (* P x px *)
1 subgoal
X : Type
P : X -> Prop
Q : X -> Prop
x : X
px : P x
Hqy : forall y : X, Q y
============================
Q x
sample_forall < apply (Hqy x). (* Hqy y x *)
Proof completed.
@tmiya : Coq , 58
59. 6.2. ∃
∃ (1)
Coq < Theorem sample_exists : forall (P Q:nat->Prop),
Coq < (forall n, P n) -> (exists n, Q n) ->
Coq < (exists n, P n / Q n).
sample_exists < intros P Q Hpn Hqn.
1 subgoal
P : nat -> Prop
Q : nat -> Prop
Hpn : forall n : nat, P n
Hqn : exists n : nat, Q n
============================
exists n : nat, P n / Q n
@tmiya : Coq , 59
60. 6.2. ∃
∃ (2)
exists destruct
sample_exists < intros P Q Hpn Hqn.
P : nat -> Prop
Q : nat -> Prop
Hpn : forall n : nat, P n
Hqn : exists n : nat, Q n
============================
exists n : nat, P n / Q n
sample_exists < destruct Hqn as [n’ qn’].
P : nat -> Prop
Q : nat -> Prop
Hpn : forall n : nat, P n
n’ : nat
qn’ : Q n’
============================
exists n : nat, P n / Q n
@tmiya : Coq , 60
61. 6.2. ∃
∃ (3)
exists x:X x:X
exists x.
sample_exists < destruct Hqn as [n’ qn’].
:
Hpn : forall n : nat, P n
n’ : nat
qn’ : Q n’
============================
exists n : nat, P n / Q n
sample_exists < exists n’.
:
Hpn : forall n : nat, P n
n’ : nat
qn’ : Q n’
============================
P n’ / Q n’ (* *)
@tmiya : Coq , 61
62. 6.2. ∃
Theorem ex5_1 : forall (A:Set)(P:A->Prop),
(~ exists a, P a) -> (forall a, ~P a).
Theorem ex5_2 : forall (A:Set)(P Q:A->Prop),
(exists a, P a / Q a) ->
(exists a, P a) / (exists a, Q a).
Theorem ex5_3 : forall (A:Set)(P Q:A->Prop),
(exists a, P a) / (exists a, Q a) ->
(exists a, P a / Q a).
Theorem ex5_4 : forall (A:Set)(R:A->A->Prop),
(exists x, forall y, R x y) -> (forall y, exists x, R x y).
Theorem ex5_5 : forall (A:Set)(R:A->A->Prop),
(forall x y, R x y -> R y x) ->
(forall x y z, R x y -> R y z -> R x z) ->
(forall x, exists y, R x y) -> (forall x, R x x).
@tmiya : Coq , 62
63. 6.3. =
= (1)
eq (= )
Inductive eq (A : Type) (x : A) : A -> Prop :=
refl_equal : x = x
Coq
(nat bool )
(nat O Sn )
(S m Sn m=n )
============================
n = n
apply (refl_equal n).
tactic reflexivity.
@tmiya : Coq , 63
64. 6.3. =
= (2)
plus Print plus.
tactic simpl.
Coq < Theorem plus_0_l : forall n, 0 + n = n.
plus_0_l < intro n.
n : nat
============================
0 + n = n
plus_0_l < simpl.
n : nat
============================
n = n
plus_0_l < reflexivity.
Proof completed.
@tmiya : Coq , 64
65. 6.4.
(1)
∀n : nat, n + 0 = n simpl.
============================
n + 0 = n
plus_0_r < simpl.
============================
n + 0 = n
plus n m n
n
1. n = 0 n+0=n
2. n = n n+0=n n=Sn
n+0=n
@tmiya : Coq , 65
66. 6.4.
(2)
n induction n as [|n’].
induction n. tactic Coq nat_ind
(P )
Coq < Check nat_ind.
nat_ind : forall P : nat -> Prop, P 0 ->
(forall n : nat, P n -> P (S n)) ->
forall n : nat, P n
nat_ind nat O : nat S : nat -> nat
Inductive
bool bool_ind
bool_ind : forall P : bool -> Prop,
P true -> P false ->
forall b : bool, P b
@tmiya : Coq , 66
67. 6.4.
(3)
induction n as [|n’]. n 0 S n’
reflexivity. OK (simpl.
)
Coq < Theorem plus_0_r : forall n:nat, n + 0 = n.
plus_0_r < induction n as [|n’].
2 subgoals
============================
0 + 0 = 0
subgoal 2 is:
S n’ + 0 = S n’
plus_0_r < reflexivity.
1 subgoal
n’ : nat
IHn’ : n’ + 0 = n’
============================
S n’ + 0 = S n’
@tmiya : Coq , 67
68. 6.4.
(4)
n = S n’ n = n’ IHn’
S n’ + 0 = S n’ simpl. plus
S (n’ + 0)= S n’ IHn’ n’ + 0 n’
rewrite IHn’. rewrite
============================
S n’ + 0 = S n’
plus_0_r < simpl.
IHn’ : n’ + 0 = n’
============================
S (n’ + 0) = S n’
plus_0_r < rewrite IHn’.
IHn’ : n’ + 0 = n’
============================
S n’ = S n’
@tmiya : Coq , 68
69. 6.4.
:m + n = n + m
SearchAbout
Coq < SearchAbout plus.
plus_n_O: forall n : nat, n = n + 0
plus_O_n: forall n : nat, 0 + n = n
plus_n_Sm: forall n m : nat, S (n + m) = n + S m
plus_Sn_m: forall n m : nat, S n + m = S (n + m)
mult_n_Sm: forall n m : nat, n * m + n = n * S m
rewrite (
rewrite <- plus_n_Sm n’ m. rewrite H. H
rewrite <- H. )
Theorem plus_comm : forall m n:nat, m + n = n + m.
@tmiya : Coq , 69
70. 6.4.
(5)
nat list A
Theorem length_app : forall (A:Type)(l1 l2:list A),
length (l1 ++ l2) = length l1 + length l2.
list cons
induction l1 as [|a l1’]. (
induction l1.)
induction
( l2) intro
1. intros A l1 l2. induction l1 as [|a l1’].
2. intros A l1. induction l1 as [|a l1’]. intro l2.
IHl1’
(Coqtop Undo.
)
@tmiya : Coq , 70
71. 6.4.
: (1)
List append reverse
Require Import List.
Fixpoint append{A:Type}(l1 l2:list A):=
match l1 with
| nil => l2
| a::l1’ => a::(append l1’ l2)
end.
Fixpoint reverse{A:Type}(l:list A):=
match l with
| nil => nil
| a::l’ => append (reverse l’) (a::nil)
end.
Theorem reverse_reverse : forall (A:Type)(l:list A),
reverse (reverse l) = l.
@tmiya : Coq , 71
73. 7.
(1)
Coq
nat minus(n m:nat) n≤m
0
n−m+m =n ( )
sub
Definition sub(m n:nat)(H:le n m) : {x:nat|x+n=m}.
1. H n≤m n≤m
2. x = m−n x +n = m
( exists x:nat, x+n=m.
)
@tmiya : Coq , 73
74. 7.
(2)
Coq
exists
nat Arith
Require Import Arith. (* Arith *)
Definition sub(m n:nat)(H:le n m) : {x:nat|x+n=m}.
m : nat
n : nat
H : n <= m
============================
{x : nat | x + n = m}
m, n intro generalize dependent
sub < generalize dependent m.
sub < generalize dependent n.
============================
forall n m : nat, n <= m -> {x : nat | x + n = m}
@tmiya : Coq , 74
75. 7.
(3)
eapply, erewrite
apply, rewrite Qed. Defined.
m n H
induction n as [|n’].
(* n=0. m - n = m - 0 = m. exists m *)
intros m H. exists m. eapply plus_0_r.
(* n=S n’ *)
induction m as [|m’]; intro H.
(* m=0. m - n = 0 - (S n’) < 0 *)
assert(H’: ~(S n’ <= 0)). eapply le_Sn_0.
elim H’. assumption.
(* m=S m’. S m’- S n’ = m’ - n’. IHn’ *)
assert(H’: n’ <= m’). eapply le_S_n. assumption.
assert(IH: {x:nat|x+n’=m’}). eapply IHn’. assumption.
destruct IH as [x IH]. exists x.
erewrite <- plus_n_Sm. rewrite IH. reflexivity.
Defined.
@tmiya : Coq , 75
76. 7.
(4)
sub Print sub.
sub OCaml
minus
Coq < Extraction sub.
(** val sub : nat -> nat -> nat **)
let rec sub m = function
| O -> m
| S n0 ->
(match m with
| O -> assert false (* absurd case *)
| S n1 -> let iH = sub n1 n0 in Obj.magic iH)
OCaml H
@tmiya : Coq , 76
77. 7.
(5)
H
Theorem le_2_5 : le 2 5.
Proof. repeat eapply le_n_S. repeat constructor. Qed.
Eval compute in (sub 5 2 le_2_5). (* *)
Eval compute in (proj1_sig (sub 5 2 le_2_5)).
(* = 3:nat *)
{x|x+n=m} x
proj1_sig
@tmiya : Coq , 77
78. 7.
minus
sub minus
Definition sub’(m n:nat)(H:le n m) : {x:nat|x+n=m}.
Proof.
(* minus *)
Defined.
Coq
1. minus minus
2. minus sub’
3. refine tactic
(refine )
4. sub
@tmiya : Coq , 78
80. 8.
Interactive Theorem Proving and Program Development. Coq’Art:
The Calculus of Inductive Constructions, Yves Berrot and Pierre
Casteran (Springer-Verlag) : Coq
Certified Programming with Dependent Types, Adam Chlipala
(http://adam.chlipala.net/cpdt/) : Coq
2010 III
(http://www.math.nagoya-u.ac.jp/~garrigue/lecture/
2010_AW/index.html) : Garrigue
PDF
Coq in a Hurry, Yves Bertot
(http://cel.archives-ouvertes.fr/docs/00/47/
58/07/PDF/coq-hurry.pdf) :
2nd Asian-Pacific Summer School on Formal Methods
(http://formes.asia/cms/coqschool/2010) :
@tmiya : Coq , 80
82. 8.
Formal Methods Forum
Coq ( )
( )
Google group
Coq
2010 Certified Programming with Dependent Types
Coq
Google group
(http://groups.google.co.jp/group/fm-forum)
Coq
@tmiya : Coq , 82