diff options
Diffstat (limited to 'doc/RefMan-gal.tex')
-rw-r--r-- | doc/RefMan-gal.tex | 1209 |
1 files changed, 1209 insertions, 0 deletions
diff --git a/doc/RefMan-gal.tex b/doc/RefMan-gal.tex new file mode 100644 index 000000000..ac7182630 --- /dev/null +++ b/doc/RefMan-gal.tex @@ -0,0 +1,1209 @@ +\chapter{The {\sf Gallina} specification language} +\label{Gallina}\index{Gallina} + +This chapter describes \gallina, the specification language of Coq. +It allows to develop mathematical theories and to prove specifications +of programs. The theories are built from axioms, hypotheses, +parameters, lemmas, theorems and definitions of constants, functions, +predicates and sets. The syntax of logical objects involved in +theories is described in section \ref{term}. The language of +commands, called {\em The Vernacular} is described in section +\ref{Vernacular}. + +In Coq, logical objects are typed to ensure their logical +correctness. The rules implemented by the typing algorithm are described in +chapter \ref{Cic}. + +\subsection*{About the grammars in the manual} + +Grammars are presented in Backus-Naur form (BNF). Terminal symbols are +set in {\tt typewriter font}. In addition, there are special +notations for regular expressions. + +An expression enclosed in square brackets \zeroone{\ldots} means at +most one occurrence of this expression (this corresponds to an +optional component). + +The notation ``\nelist{\gensymbol}{sep}'' stands for a non empty +sequence of expressions parsed by the ``{\gensymbol}'' entry and +separated by the literal ``{\tt sep}''\footnote{This is similar to the +expression ``{\gensymbol} $\{$ {\tt sep} {\gensymbol} $\}$'' in +standard BNF, or``{\gensymbol} $($ {\tt sep} {\gensymbol} $)$*'' in +the syntax of regular expressions.}. + +Similarly, the notation ``\nelist{\gensymbol}{}'' stands for a non +empty sequence of expressions parsed by the ``{\gensymbol}'' entry, +without any separator between. + +At the end, the notation ``\sequence{\gensymbol}{\tt sep}'' stands for a +possibly empty sequence of expressions parsed by the ``{\gensymbol}'' entry, +separated by the literal ``{\tt sep}''. + +\section{Lexical conventions} +\label{lexical}\index{Lexical conventions} + +\paragraph{Blanks} +Space, newline and horizontal tabulation are considered as blanks. +Blanks are ignored but they separate tokens. + +\paragraph{Comments} + +Comments in {\Coq} are enclosed between {\tt (*} and {\tt + *)}\index{Comments}, and can be nested. Comments are treated as +blanks. + +\paragraph{Identifiers} + +Identifiers, written {\ident}, are sequences of letters, digits, +\verb!_!, \verb!$! %$ +and \verb!'!, that do not start with a digit or \verb!'!. That is, +they are recognized by the following lexical class: + +\index{ident@\ident} +\begin{center} +\begin{tabular}{rcl} +{\firstletter} & ::= & \ml{a..z}\op\ml{A..Z}\op\ml{\_}\op\ml{\$} \\ +{\subsequentletter} & ::= & \ml{a..z}\op\ml{A..Z}\op\ml{0..9}\op\ml{\_}\op\ml{\$}\op\ml{'} \\ +{\ident} & ::= & {\firstletter}\sequencewithoutblank{\subsequentletter}{}\\ +\end{tabular} +\end{center} +Identifiers can contain at most 80 characters, and all characters are +meaningful. In particular, identifiers are case-sensitive. + +\paragraph{Natural numbers and integers} +Numerals are sequences of digits. Integers are numerals optionally preceded by a minus sign. + +\index{num@{\num}} +\begin{center} +\begin{tabular}{r@{\quad::=\quad}l} +{\digit} & \ml{0..9} \\ +{\num} & \nelistwithoutblank{\digit}{} \\ +{\integer} & \zeroone{\ml{-}}{\num} \\ +\end{tabular} +\end{center} + +\paragraph{Strings} +Strings are delimited by \verb!"! (double quote), and enclose a +sequence of any characters different from \verb!"! and \verb!\!, or +one of the following sequences +\begin{center} +\begin{tabular}{|l|l|} +\hline +Sequence & Character denoted \\ +\hline +\verb"\\" & backslash (\verb"\") \\ +\verb'\"' & double quote (\verb'"') \\ +\verb"\n" & newline (LF) \\ +\verb"\r" & return (CR) \\ +\verb"\t" & horizontal tabulation (TAB) \\ +\verb"\b" & backspace (BS) \\ +\verb"\"$ddd$ & the character with ASCII code $ddd$ in decimal \\ +\hline +\end{tabular} +\end{center} +Strings can be split on several lines using a backslash (\verb!\!) at +the end of each line, just before the newline. For instance, + +\begin{flushleft} +\begin{small} +\begin{verbatim} +AddPath "$COQLIB/\ +contrib/Rocq/LAMBDA". +\end{verbatim} +\end{small} +\end{flushleft} + +is correctly parsed, and equivalent to + +\begin{coq_example*} +AddPath "$COQLIB/contrib/Rocq/LAMBDA". +\end{coq_example*} + +\paragraph{Keywords} +The following identifiers are reserved keywords, and cannot be +employed otherwise: +\begin{center} +\begin{tabular}{lllll} +\verb!as! & +\verb!end! & +\verb!in! & +\verb!of! & +\verb!using! \\ +\verb!with! & +\verb!Axiom! & +\verb!Cases! & +\verb!CoFixpoint! & +\verb!CoInductive!\\ +\verb!Compile! & +\verb!Definition! & +\verb!Fixpoint! & +\verb!Grammar! & +\verb!Hypothesis! \\ +\verb!Inductive! & +\verb!Load! & +%%\verb!Orelse! & +\verb!Parameter! & +\verb!Proof! & +\verb!Prop! \\ +\verb!Qed! & +\verb!Quit! & +\verb!Set! & +\verb!Syntax! & +\verb!Theorem! \\ +\verb!Type! & +\verb!Variable! & & & +\end{tabular} +\end{center} + +Although they are not considered as keywords, it is not advised to use +words of the following list as identifiers: +\begin{center} +\begin{tabular}{lllll} +\verb!Add! & +\verb!AddPath! & +\verb!Abort! & +\verb!Abstraction!& +\verb!All! \\ +\verb!Begin! & +\verb!Cd! & +\verb!Chapter! & +\verb!Check! & +\verb!Compute! \\ +% \verb!Conjectures! \\ que dans Show Conjectures sans conflit avec ident +\verb!Defined! & +\verb!DelPath! & +\verb!Drop! & +\verb!End! & +\verb!Eval! \\ +% \verb!Explain! n'est pas documente +\verb!Extraction! & +\verb!Fact! & +\verb!Focus! & +% \verb!for! n'intervient que pour Scheme ... Induction ... sans conflit +% \verb!Go! n'est pas documente et semble peu robuste aux erreurs +\verb!Goal! & +\verb!Guarded! \\ +\verb!Hint! & +\verb!Immediate! & +\verb!Induction! & +\verb!Infix! & +\verb!Inspect! \\ +\verb!Lemma! & +\verb!Let! & +\verb!LoadPath! & +\verb!Local! & +\verb!Minimality! \\ +\verb!ML! & +\verb!Module! & +\verb!Modules! & +\verb!Mutual! & +% \verb!Node! que dans Show Node sans conflit avec ident +\verb!Opaque! \\ +\verb!Parameters! & +\verb!Print! & +\verb!Pwd! & +\verb!Remark! & +\verb!Remove! \\ +\verb!Require! & +\verb!Reset! & +\verb!Restart! & +\verb!Restore! & +\verb!Resume! \\ +\verb!Save! & +\verb!Scheme! & +% \verb!Script! que dans Show Script sans conflit avec ident +\verb!Search! & +\verb!Section! & +\verb!Show! \\ +\verb!Silent! & +\verb!State! & +\verb!States! & +\verb!Suspend! & +\verb!Syntactic! \\ +\verb!Test! & +\verb!Transparent!& +% \verb!Tree! que dans Show Tree et Explain Proof Tree sans conflit avec id +\verb!Undo! & +\verb!Unset! & +\verb!Unfocus! \\ +\verb!Variables! & +\verb!Write! & & & +\end{tabular} +\end{center} + +\paragraph{Special tokens} +The following sequences of characters are special tokens: +\begin{center} +\begin{tabular}{lllllll} +\verb!|! & +\verb!:! & +\verb!:=! & +\verb!=! & +\verb!>! & +\verb!>>! & +\verb!<>! \\ +\verb!<<! & +\verb!<! & +\verb!->! & +\verb!;! & +\verb!#! & +\verb!*! & +\verb!,! \\ +\verb!?! & +\verb!@! & +\verb!::! & +\verb!/! & +\verb!<-! & +\verb!=>! & +\end{tabular} +\end{center} + +Lexical ambiguities are resolved according to the ``longest match'' +rule: when a sequence of non alphanumerical characters can be decomposed +into several different ways, then the first token is the longest +possible one (among all tokens defined at this moment), and so on. + +\section{Terms}\label{term}\index{Terms} +\subsection{Syntax of terms} + +Figure \ref{term-syntax} describes the basic set of terms which form +the {\em Calculus +of Inductive Constructions} (also called \CIC). The formal +presentation of {\CIC} is given in chapter \ref{Cic}. Extensions of +this syntax are given in chapter +\ref{Gallina-extension}. How to customize the syntax is described in +chapter \ref{Addoc-syntax}. + +\begin{figure}[htb] +\begin{tabular}{|lcl|} +\hline +{\term} & ::= & \ident\\ + & $|$ & \sort \\ + & $|$ & {\term} {\tt ->} {\term} \\ + & $|$ & {\tt (} {\nelist{\typedidents}{;}} {\tt )} {\term}\\ + & $|$ & {\tt [} {\nelist{\idents}{;}} {\tt ]} {\term}\\ + & $|$ & {\tt (} \nelist{\term}{} {\tt )}\\ + & $|$ & {\tt \zeroone{\annotation}} {\tt Cases} {\term} {\tt of} + \sequence{\eqn}{|} {\tt end}\\ + & $|$ & {\tt Fix} {\ident} \verb.{. \nelist{\fixpointbody}{with} \verb.}.\\ + & $|$ & {\tt CoFix} {\ident} \verb.{. \nelist{\cofixpointbody}{with} \verb.}.\\ + & & \\ +{\sort} & ::= & {\tt Prop} \\ + & $|$ & {\tt Set} \\ + & $|$ & {\tt Type} \\ + & & \\ +{\annotation} & ::= & \verb!<! {\term} \verb!>!\\ + & & \\ +{\typedidents} & ::= & \nelist{\ident}{,} {\tt :} {\term}\\ +{\idents} & ::= & \nelist{\ident}{,} \zeroone{{\tt :} {\term}}\\ + & & \\ +{\fixpointbody} & ::= & {\ident} {\tt [} \nelist{\typedidents}{;} {\tt ]}\verb.:. + {\term} \verb.:=. {\term} \\ +{\cofixpointbody} & ::= & {\ident} \verb.:. + {\term} \verb.:=. {\term} \\ + & &\\ +{\simplepattern} & ::= & {\ident} \\ + & $|$ & \verb!(! \nelist{\ident}{} \verb!)! \\ +{\eqn} & ::= & {\simplepattern} ~\verb!=>! ~\term \\ +\hline +\end{tabular} +\caption{Syntax of terms} +\label{term-syntax} +\index{term@{\term}} +\index{sort@{\sort}} +\end{figure} + +%%%%%%% +\subsection{Identifiers} + +Identifiers denotes either {\em variables}, {\em constants}, +{\em inductive types} or {\em constructors of inductive types}. + +\subsection{Sorts}\index{Sorts} +\index{Type@{\Type}} +\index{Set@{\Set}} +\index{Prop@{\Prop}} +\index{Sorts} +\label{Gallina-sorts} + +There are three sorts \Set, \Prop\ and \Type. + +\begin{itemize} +\item \Prop\ is the universe of {\em logical propositions}. +The logical propositions themselves are typing the proofs. +We denote propositions by {\form}. This constitutes a semantic +subclass of the syntactic class {\term}. +\index{form@{\form}} +\item \Set\ is is the universe of {\em program +types} or {\em specifications}. +The specifications themselves are typing the programs. +We denote specifications by {\specif}. This constitutes a semantic +subclass of the syntactic class {\term}. +\index{specif@{\specif}} +\item {\Type} is the type of {\Set} and {\Prop} +\end{itemize} + +\noindent More on sorts can be found in section \ref{Sorts}. + +\subsection{Types} + +{\Coq} terms are typed. {\Coq} types are recognized by the same +syntactic class as {\term}. We denote by {\type} the semantic subclass +of types inside the syntactic class {\term}. +\index{type@{\type}} + +\subsection{Abstractions} +\index{abstractions} + +The expression ``{\tt [} {\ident} {\tt :} \type {\tt ]} +{\term}'' denotes the {\em abstraction} of the variable {\ident} +of type {\type}, over the term {\term}. + +One can abstract several variables successively: +the notation {\tt [} {\ident$_{1}$} {\tt ,} {\ldots} {\tt ,} +{\ident$_{n}$} {\tt :} \type {\tt ]} {\term} stands for +{\tt [} {\ident$_{1}$} {\tt :} \type {\tt ](} {\ldots} +{\tt ([} {\ident$_{n}$} {\tt :} \type {\tt ]} {\term} {\tt )} +\ldots {\tt )} and the notation {\tt [} {\typedidents$_{1}$} {\tt ;} +{\ldots} {\tt ;} {\typedidents$_{m}$} {\tt ]} {\term} is a shorthand +for {\tt [}~{\typedidents$_{1}$} {\tt ](} {\ldots} {\tt ([} +{\typedidents$_{m}$} {\tt ]} {\term} {\tt )}\\ {\tt [} {\ident$_{1}$} +{\tt ,} {\ldots} {\tt ,} {\ident$_{n}$} {\tt :} \type {\tt ]} {\term}. + +\medskip +\Rem The types of variables may be omitted in an +abstraction when they can be synthetized by the system. + +\subsection{Products} +\index{products} + +The expression ``{\tt (}~{\ident} {\tt :} \type {\tt )} +{\term}'' denotes the {\em product} of the variable {\ident} +of type {\type}, over the term {\term}. + +Similarly, the expression {\tt (} {\ident$_{1}$} {\tt ,} {\ldots} {\tt +,} {\ident$_{n}$} {\tt :} \type {\tt )} {\term} is equivalent to {\tt +(} {\ident$_{1}$} {\tt :} \type {\tt )(} {\ldots} {\tt ((} +{\ident$_{n}$} {\tt :} \type {\tt )} {\term} {\tt )} \ldots {\tt )} +and the expression {\tt (} {\typedidents$_{1}$} {\tt ;} {\ldots} {\tt +;} {\typedidents$_{m}$} {\tt )} {\term} is a equivalent to {\tt +(}~{\typedidents$_{1}$} {\tt )(} {\ldots} {\tt ((} +{\typedidents$_{m}$} {\tt )} {\term} {\tt )} \ldots {\tt )} + +\subsection{Applications} +\index{applications} + +{\tt (}\term$_0$ \term$_1${\tt)} denotes the application of + term \term$_0$ to \term$_1$. + +The expression {\tt (}\term$_0$ \term$_1$ ... \term$_n${\tt)} +denotes the application of the term \term$_0$ to the arguments +\term$_1$ ... then \term$_n$. It is equivalent to {\tt (} {\ldots} +{\tt (} {\term$_0$} {\term$_1$} {\tt )} {\ldots} {\term$_n$} {\tt )}: +associativity is to the left. + +\subsection{Definition by case analysis} +\index{Cases@{\tt Cases\ldots of\ldots end}} + +In a simple pattern \verb!(! \nelist{\ident}{} \verb!)!, the first {\ident} +is intended to be a constructor. + +The expression {\tt \zeroone{\annotation}} {\tt Cases} {\term$_0$} {\tt of} +{\pattern$_1$} {\tt =>} {\term$_1$} {\tt $|$} {\ldots} {\tt $|$} +{\pattern$_n$} {\tt =>} {\term$_n$} {\tt end}, denotes a +{\em pattern-matching} over the term {\term$_0$} (expected to be of an +inductive type). + +The {\annotation} is the resulting type of the whole {\tt Cases} +expression. Most of the time, when this type is the same as the +types of all the {\term$_i$}, the annotation is not needed\footnote{except +if no equation is given, to match the term in an empty type, e.g. the +type \texttt{False}}. The annotation has to be given when the +resulting type of the whole {\tt Cases} depends on the actual {\term$_0$} +matched. + + +\subsection{Recursive functions} +\index{Fix@{Fix \ident$_i$\{\dots\}}} + +The expression {\tt Fix} {\ident$_i$} \verb.{. \ident$_1$ {\tt [} +\binders$_1$ {\tt ] :} {\type$_1$} \texttt{:=} \term$_1$ +{\tt with} {\ldots} +{\tt with} \ident$_n$ {\tt [} \binders$_n$~{\tt{]} :} {\type$_n$} +\texttt{:=} \term$_n$ \verb.}. denotes +the $i$th component of a block of functions defined by mutual +well-founded recursion. + +The expression {\tt CoFix} {\ident$_i$} \verb.{. \ident$_1$ +{\tt :} {\type$_1$} {\tt with} {\ldots} {\tt with} +\ident$_n$ {\tt [} \binders$_n$ {\tt ] :} {\type$_n$} \verb.}. denotes +the $i$th component of a block of terms defined by a mutual guarded recursion. + +\section{\em The Vernacular} +\label{Vernacular} + +Figure \ref{sentences-syntax} describes {\em The Vernacular} which is the +language of commands of \gallina. A sentence of the vernacular +language, like in many natural languages, begins with a capital letter +and ends with a dot. +\begin{figure} +\label{sentences-syntax} +\begin{tabular}{|lcl|} +\hline +{\sentence} & ::= & {\declaration} \\ + & $|$ & {\definition} \\ + & $|$ & {\statement} \\ + & $|$ & {\inductive} \\ + & $|$ & {\fixpoint} \\ + & $|$ & {\statement} ~~ {\proof} \\ + & & \\ +{\params} & ::= & \nelist{\typedidents}{;} \\ + & & \\ +{\declaration} & ::= & + {\tt Axiom} {\ident} \verb.:. {\term} \verb:.: \\ + & $|$ & {\declarationkeyword} {\params} \verb:.: \\ + & & \\ +{\declarationkeyword} & ::= & +{\tt Parameter} $|$ {\tt Parameters} \\ + & $|$ & {\tt Variable} $|$ {\tt Variables} \\ + & $|$ & {\tt Hypothesis} $|$ {\tt Hypotheses}\\ + & & \\ + +{\definition} & ::= & + {\tt Definition} {\ident} \zeroone{{\tt :} {\term}} \verb.:=. {\term} \verb:.: \\ + & $|$ & {\tt Local} {\ident} \zeroone{{\tt :} {\term}} \verb.:=. {\term} \verb:.: \\ + & & \\ + +{\inductive} & ::= & + \zeroone{\texttt{Mutual}} {\tt Inductive} \nelist{\inductivebody}{with} + \verb:.: \\ + & $|$ & + \zeroone{\texttt{Mutual}} {\tt CoInductive} \nelist{\inductivebody}{with} + \verb:.: \\ + & & \\ +{\inductivebody} & ::= & +{\ident} \zeroone{{\tt [} {\params} {\tt ]}} \verb.:. {\term} + \verb.:=. + \sequence{\constructor}{|} \\ + & & \\ +{\constructor} & ::= & {\ident} \verb.:. {\term} \\ + & &\\ + +{\fixpoint} & ::= & {\tt Fixpoint} \nelist{\fixpointbody}{with} + \verb:.: \\ +& $|$ & {\tt CoFixpoint} \nelist{\cofixpointbody}{with} + \verb:.: \\ + & &\\ + +{\statement} & ::= & {\tt Theorem} {\ident} {\tt :} {\term} \verb:.: \\ + & $|$ & {\tt Lemma} {\ident} {\tt :} {\term} \verb:.: \\ + & $|$ & {\tt Definition} {\ident} {\tt :} {\term} \verb:.: \\ + & & \\ + +{\proof} & ::= & {\tt Proof} {\tt .} {\dots} {\tt Qed} {\tt .}\\ + & $|$ & {\tt Proof} {\tt .} {\dots} {\tt Defined} {\tt .}\\ +\hline +\end{tabular} +\caption{Syntax of sentences} +\end{figure} +The different kinds of command are described hereafter. They all suppose +that the terms occurring in the sentences are well-typed. + +\subsection{Declarations}\index{Declarations}\label{Declarations} +The declaration mechanism allows the user to specify his own basic +objects. Declared objects play the role of axioms or parameters in +mathematics. A declared object is an {\ident} associated to a \term. A +declaration is accepted by {\Coq} iff this {\term} is a correct type +in the current context of the declaration and \ident\ was +not previously defined in the same module. This {\term} +is considered to be the type, or specification, of the \ident. + +\subsubsection{{\tt Axiom {\ident} : {\term}}.} +\comindex{Axiom} +\label{Axiom} +This command links {\term} to the name {\ident} as its specification in the +global context. The fact asserted by {\term} is thus assumed +as a postulate. + +\begin{ErrMsgs} +\item \errindex{Clash with previous constant {\ident}} +\end{ErrMsgs} + +\begin{Variants} +\item {\tt Parameter {\ident} : {\term}.} + \comindex{Parameter}\\ + Is equivalent to {\tt Axiom {\ident} : {\term}} +\item {\tt Parameter \nelist{\nelist{\ident}{,} : {\term}}{;} {\tt .}} \\ +% Is equivalent to {\tt Axiom {\lident} : {\term}} + Links the {\term}'s to the names comprising the lists \nelist{\nelist{\ident}{,} : {\term}}{;}. +\end{Variants} + +\noindent {\bf Remark: } It is possible to replace {\tt Parameter} by +{\tt Parameters} when more than one parameter are given. + +\subsubsection{{\tt Variable {\ident} : {\term}}.}\comindex{Variable} +\comindex{Variables} +This command links {\term} to the name {\ident} in the context of the +current section (see \ref{Section} for a description of the section +mechanism). The name {\ident} will be unknown when the current +section will be closed. One says that the variable is {\em + discharged}. Using the {\tt Variable} command out of any section is +equivalent to {\tt Axiom}. + +\begin{ErrMsgs} +\item \errindex{Clash with previous constant {\ident}} +\end{ErrMsgs} + +\begin{Variants} +\item {\tt Variable \nelist{\nelist{\ident}{,}:{\term}}{;} {\tt .}}\\ + Links {\term} to the + names comprising the list \nelist{\nelist{\ident}{,}:{\term}}{;} +\item {\tt Hypothesis \nelist{\nelist{\ident}{,} $\;$:$\;$ {\term}}{;} {\tt + .}} \comindex{Hypothesis}\\ % Ligne trop longue + \texttt{Hypothsis} is a synonymous of \texttt{Variable} +\end{Variants} + +\noindent {\bf Remark: } It is possible to replace {\tt Variable} by +{\tt Variables} and \ml{Hypothesis} by {\tt Hypotheses} + when more than one variable or one hypothesis are given. + +It is advised to use the keywords \verb:Axiom: and \verb:Hypothesis: +for logical postulates (i.e. when the assertion {\term} is of sort +\verb:Prop:), and to use the keywords \verb:Parameter: and +\verb:Variable: in other cases (corresponding to the declaration of an +abstract mathematical entity). + +\subsection{Definitions}\index{Definitions}\label{Simpl-definitions} +Definitions differ from declarations since they allow to give a name +to a term whereas declarations were just giving a type to a name. That +is to say that the name of a defined object can be replaced at any +time by its definition. This replacement is called +$\delta$-conversion\index{delta-reduction@$\delta$-reduction} (see section +\ref{delta}). A defined object is accepted by the system iff the +defining term is well-typed in the current context of the definition. +Then the type of the name is the type of term. The defined name is +called a {\em constant}\index{Constant} and one says that {\it the + constant is added to the environment}\index{Environment}. + +A formal presentation of constants and environments is given in +section \ref{Cic-definitions}. + + +\subsubsection{\tt Definition {\ident} := {\term}.} +\comindex{Definition} +This command binds the value {\term} to the name {\ident} in the +environment, provided that {\term} is well-typed. + +\begin{ErrMsgs} +\item \errindex{Clash with previous constant {\ident}} +\end{ErrMsgs} + +\begin{Variants} +\item {\tt Definition {\ident} : {\term$_1$} := {\term$_2$}.} It + checks that the type of {\term$_2$} is definitionally equal to + {\term$_1$}, and registers {\ident} as being of type {\term$_1$}, + and bound to value {\term$_2$}. +\end{Variants} + +\begin{ErrMsgs} +\item \errindex{In environment \dots the term: {\term$_2$} does not have type + {\term$_1$}}.\\ + \texttt{Actually, it has type {\term$_3$}}. +\end{ErrMsgs} + +\SeeAlso sections \ref{Opaque}, \ref{Transparent}, \ref{Unfold} + +\subsubsection{\tt Local {\ident} := {\term}.}\comindex{Local} +This command binds the value {\term} to the name {\ident} in the +environment of the current section. The name {\ident} will be unknown +when the current section will be closed and all occurrences of +{\ident} in persistent objects (such as theorems) defined within the +section will be replaced by \term. One can say that the {\tt Local} +definition is a kind of {\em macro}. + +\begin{ErrMsgs} +\item \errindex{Clash with previous constant {\ident}} +\end{ErrMsgs} + +\begin{Variants} +\item {\tt Local {\ident} : {\term$_1$} := {\term$_2$}.} +\end{Variants} + +\SeeAlso \ref{Section} (section mechanism), \ref{Opaque}, +\ref{Transparent} (opaque/transparent constants), \ref{Unfold} + +% Let comme forme de Definition n'existe plus +% +%\subsubsection{\tt Let {\ident} := {\term}.} +%\comindex{Let} + +%This command makes definition that are stronger than \texttt{Local}, +%and weaker than \texttt{Definition}. The name {\ident} will be kown in the +%current section and after having closed the current section, but will +%be unknown after closing the section above the current section. + +%\begin{Variants} +%\item {\tt Local {\ident} : {\term$_1$} := {\term$_2$}.} +%\end{Variants} + +%\SeeAlso \ref{Section} + +\subsection{Inductive definitions} +\index{Inductive definitions} \label{gal_Inductive_Definitions} +\comindex{Inductive}\label{Inductive} + +We gradually explain simple inductive types, simple +annotated inductive types, simple parametric inductive types, +mutually inductive types. We explain also co-inductive types. + +\subsubsection{Simple inductive types} + +The definition of a simple inductive type has the following form: + +\medskip +{\tt +\begin{tabular}{l} +Inductive {\ident} : {\sort} := \\ +\begin{tabular}{clcl} + & {\ident$_1$} &:& {\type$_1$} \\ + | & {\ldots} && \\ + | & {\ident$_n$} &:& {\type$_n$} +\end{tabular} +\end{tabular} +} +\medskip + +The name {\ident} is the name of the inductively defined type and +{\sort} is the universes where it lives. +The names {\ident$_1$}, {\ldots}, {\ident$_n$} +are the names of its constructors and {\type$_1$}, {\ldots}, +{\type$_n$} their respective types. The types of the constructors have +to satisfy a {\em positivity condition} (see section \ref{Positivity}) +for {\ident}. This condition ensures the soundness of the inductive +definition. If this is the case, the constants {\ident}, +{\ident$_1$}, {\ldots}, {\ident$_n$} are added to the environment with +their respective types. Accordingly to the universe where +the inductive type lives({\it e.g.} its type {\sort}), {\Coq} provides a +number of destructors for {\ident}. Destructors are named +{\ident}{\tt\_ind}, {\ident}{\tt \_rec} or {\ident}{\tt \_rect} which +respectively correspond to elimination principles on {\tt Prop}, {\tt +Set} and {\tt Type}. The type of the destructors expresses structural +induction/recursion principles over objects of {\ident}. We give below +two examples of the use of the {\tt Inductive} definitions. + +The set of natural numbers is defined as: +\begin{coq_example} +Inductive nat : Set := O : nat | S : nat -> nat. +\end{coq_example} + +The type {\tt nat} is defined as the least \verb:Set: containing {\tt + O} and closed by the {\tt S} constructor. The constants {\tt nat}, +{\tt O} and {\tt S} are added to the environment. + +Now let us have a look at the elimination principles. They are three : +{\tt nat\_ind}, {\tt nat\_rec} and {\tt nat\_rect}. The type of {\tt + nat\_ind} is: +\begin{coq_example} +Check nat_ind. +\end{coq_example} + +This is the well known structural induction principle over natural +numbers, i.e. the second-order form of Peano's induction principle. +It allows to prove some universal property of natural numbers ({\tt +(n:nat)(P n)}) by induction on {\tt n}. Recall that {\tt (n:nat)(P n)} +is \gallina's syntax for the universal quantification $\forall +n:nat\cdot P(n).$\\ The types of {\tt nat\_rec} and {\tt nat\_rect} +are similar, except that they pertain to {\tt (P:nat->Set)} and {\tt +(P:nat->Type)} respectively . They correspond to primitive induction +principles (allowing dependent types) respectively over sorts +\verb:Set: and \verb:Type:. The constant {\ident}{\tt \_ind} is always +provided, whereas {\ident}{\tt \_rec} and {\ident}{\tt \_rect} can be +impossible to derive (for example, when {\ident} is a proposition). + +\subsubsection{Simple annotated inductive types} + +In an annotated inductive types, the universe where the inductive +type is defined is no longer a simple sort, but what is called an +arity, which is a type whose conclusion is a sort. + +As an example of annotated inductive types, let us define the +$even$ predicate: + +\begin{coq_example} +Inductive even : nat->Prop := + | even_0 : (even O) + | even_SS : (n:nat)(even n)->(even (S (S n))). +\end{coq_example} + +The type {\tt nat->Prop} means that {\tt even} is a unary predicate +(inductively defined) over natural numbers. The type of its two +constructors are the defining clauses of the predicate {\tt even}. The +type of {\tt even\_ind} is: + +\begin{coq_example} +Check even_ind. +\end{coq_example} + +From a mathematical point of view it asserts that the natural numbers +satisfying the predicate {\tt even} are exactly the naturals satisfying +the clauses {\tt even\_0} or {\tt even\_SS}. This is why, when we want +to prove any predicate {\tt P} over elements of {\tt even}, it is +enough to prove it for {\tt O} and to prove that if any natural number +{\tt n} satisfies {\tt P} its double successor {\tt (S (S n))} +satisfies also {\tt P}. This is indeed analogous to the structural +induction principle we got for {\tt nat}. + +\begin{ErrMsgs} +\item \errindex{Non strictly positive occurrence of {\ident} in {\type}} +\item \errindex{Type of Constructor not well-formed} +\end{ErrMsgs} + +\begin{Variants} +\item {\tt Inductive {\ident} [ {\params} ] : {\term} := + {\ident$_1$}:{\term$_1$} | {\ldots} | {\ident$_n$}:\term$_n$.}\\ Allows + to define parameterized inductive types.\\ + For instance, one can define + parameterized lists as: +\begin{coq_example*} +Inductive list [X:Set] : Set := + Nil : (list X) | Cons : X->(list X)->(list X). +\end{coq_example*} +Notice that, in the type of {\tt Nil} and {\tt Cons}, we write {\tt + (list X)} and not just {\tt list}.\\ The constants {\tt Nil} and +{\tt Cons} will have respectively types: + +\begin{coq_example} +Check Nil. +\end{coq_example} +and + +\begin{coq_example} +Check Cons. +\end{coq_example} + +Types of destructors will be also quantified with {\tt (X:Set)}. +\item {\tt Inductive {\sort} {\ident} := +{\ident$_1$}:{\term$_1$} | {\ldots} | {\ident$_n$}:\term$_n$.}\\ +with {\sort} being one of {\tt Prop, Type, Set} is +equivalent to \\ {\tt Inductive {\ident} : {\sort} := + {\ident$_1$}:{\term$_1$} | {\ldots} | {\ident$_n$}:\term$_n$.} +\item {\tt Inductive {\sort} {\ident} [ {\params} ]:= +{\ident$_1$}:{\term$_1$} | {\ldots} | {\ident$_n$}:\term$_n$.}\\ + Same as before but with parameters. +\end{Variants} + +\SeeAlso sections \ref{Cic-inductive-definitions}, \ref{Elim} + +\subsubsection{Mutually inductive types} +\comindex{Mutual Inductive}\label{Mutual-Inductive} + +The definition of a block of mutually inductive types has the form: + +\medskip +{\tt +\begin{tabular}{l} +Inductive {\ident$_1$} : {\type$_1$} := \\ +\begin{tabular}{clcl} + & {\ident$_1^1$} &:& {\type$_1^1$} \\ + | & {\ldots} && \\ + | & {\ident$_{n_1}^1$} &:& {\type$_{n_1}^1$} +\end{tabular} \\ +with\\ +~{\ldots} \\ +with {\ident$_m$} : {\type$_m$} := \\ +\begin{tabular}{clcl} + & {\ident$_1^m$} &:& {\type$_1^m$} \\ + | & {\ldots} \\ + | & {\ident$_{n_m}^m$} &:& {\type$_{n_m}^m$}. +\end{tabular} +\end{tabular} +} +\medskip + +\noindent {\bf Remark: } The word {\tt Mutual} can be optionally +inserted in front of {\tt Inductive}. + +It has the same semantics as the above {\tt Inductive} definition for +each \ident$_1$, {\ldots}, \ident$_m$. All names \ident$_1$, {\ldots}, +\ident$_m$ and \ident$_1^1$, \dots, \ident$_{n_m}^m$ are +simultaneously added to the environment. Then +well-typing of constructors can be checked. Each one of the +\ident$_1$, {\ldots}, \ident$_m$ can be used on its own. + +It is also possible to parameterize these inductive definitions. +However, parameters correspond to a local +context in which the whole set of inductive declarations is done. For +this reason, the parameters must be strictly the same for each +inductive types The extented syntax is: + +\medskip +{\tt +Inductive {{\ident$_1$} [{\rm\sl params} ] : {\type$_1$} := \\ +\mbox{}\hspace{0.4cm} {\ident$_1^1$} : {\type$_1^1$} \\ +\mbox{}\hspace{0.1cm}| .. \\ +\mbox{}\hspace{0.1cm}| {\ident$_{n_1}^1$} : {\type$_{n_1}^1$} \\ +with\\ +\mbox{}\hspace{0.1cm} .. \\ +with {\ident$_m$} [{\rm\sl params} ] : {\type$_m$} := \\ +\mbox{}\hspace{0.4cm}{\ident$_1^m$} : {\type$_1^m$} \\ +\mbox{}\hspace{0.1cm}| .. \\ +\mbox{}\hspace{0.1cm}| {\ident$_{n_m}^m$} : {\type$_{n_m}^m$}. +}} +\medskip + +\Example +The typical example of a mutual inductive data type is the one for +trees and forests. We assume given two types $A$ and $B$ as variables. +It can be declared the following way. + +\begin{coq_example*} +Variables A,B:Set. +Inductive tree : Set := node : A -> forest -> tree +with forest : Set := + | leaf : B -> forest + | cons : tree -> forest -> forest. +\end{coq_example*} + +This declaration generates automatically six induction +principles. They are respectively +called {\tt tree\_rec}, {\tt tree\_ind}, {\tt + tree\_rect}, {\tt forest\_rec}, {\tt forest\_ind}, {\tt + forest\_rect}. These ones are not the most general ones but are +just the induction principles corresponding to each inductive part +seen as a single inductive definition. + +To illustrate this point on our example, we give the types of {\tt + tree\_rec} and {\tt forest\_rec}. + +\begin{coq_example} +Check tree_rec. +Check forest_rec. +\end{coq_example} + +Assume we want to parameterize our mutual inductive definitions with +the two type variables $A$ and $B$, the declaration should be done the +following way: + +\begin{coq_eval} +Reset tree. +\end{coq_eval} +\begin{coq_example*} +Inductive + tree [A,B:Set] : Set := node : A -> (forest A B) -> (tree A B) +with forest [A,B:Set] : Set := leaf : B -> (forest A B) + | cons : (tree A B) -> (forest A B) -> (forest A B). +\end{coq_example*} +\begin{coq_eval} +Save State toto. +\end{coq_eval} + +Assume we define an inductive definition inside a section. When the +section is closed, the variables declared in the section and occurring +free in the declaration are added as parameters to the inductive +definition. + +\SeeAlso \ref{Section} + +\subsubsection{Co-inductive types} +\comindex{CoInductive} + +The objects of an inductive type are well-founded with respect to the +constructors of the type. In other words, such objects contain only a +{\it finite} number constructors. Co-inductive types arise from +relaxing this condition, and admitting types whose objects contain an +infinity of constructors. Infinite objects are introduced by a +non-ending (but effective) process of construction, defined in terms +of the constructors of the type. + +An example of a co-inductive type is the type of infinite sequences of +natural numbers, usually called streams. It can be introduced in \Coq\ +using the \texttt{CoInductive} command: +\begin{coq_example} +CoInductive Set Stream := Seq : nat->Stream->Stream. +\end{coq_example} + +The syntax of this command is the same as the command \texttt{Inductive} +(cf. section \ref{gal_Inductive_Definitions}). Notice that no +principle of induction is derived from the definition of a +co-inductive type, since such principles only make sense for inductive +ones. For co-inductive ones, the only elimination principle is case +analysis. For example, the usual destructors on streams +\texttt{hd:Stream->nat} and \texttt{tl:Str->Str} can be defined as +follows: +\begin{coq_example} +Definition hd := [x:Stream]Cases x of (Seq a s) => a end. +Definition tl := [x:Stream]Cases x of (Seq a s) => s end. +\end{coq_example} + +Definition of co-inductive predicates and blocks of mutually +co-inductive definitions are also allowed. An example of a +co-inductive predicate is the extensional equality on streams: + +\begin{coq_example} +CoInductive EqSt : Stream->Stream->Prop := + eqst : (s1,s2:Stream) + (hd s1)=(hd s2)-> + (EqSt (tl s1) (tl s2))->(EqSt s1 s2). +\end{coq_example} + +In order to prove the extensionally equality of two streams $s_1$ and +$s_2$ we have to construct and infinite proof of equality, that is, +an infinite object of type $(\texttt{EqSt}\;s_1\;s_2)$. We will see +how to introduce infinite objects in section \ref{CoFixpoint}. + +\subsection{Definition of recursive functions} + +\subsubsection{\tt Fixpoint {\ident} [ \ident$_1$ : \type$_1$ ] : +\type$_0$ := \term$_0$} +\comindex{Fixpoint}\label{Fixpoint} + +This command allows to define inductive objects using a fixed point +construction. The meaning of this declaration is to define {\it +ident} a recursive function with one argument \ident$_1$ of type +\term$_1$ such that ({\it ident}~\ident$_1$) has type \type$_0$ and is +equivalent to the expression \term$_0$. The type of the {\ident} is +consequently {(\ident$_1$ : \type$_1$)\type$_0$} and the value is +equivalent to [\ident$_1$ : \type$_1$]\term$_0$. The argument +{\ident$_1$} (of type {\type$_1$}) is called the {\em recursive +variable} of {\ident}. Its type should be an inductive definition. + +To be accepted, a {\tt Fixpoint} definition has to satisfy some +syntactical constraints on this recursive variable. They are needed to +ensure that the {\tt Fixpoint} definition always terminates. For +instance, one can define the addition function as : + +\begin{coq_example} +Fixpoint add [n:nat] : nat->nat + := [m:nat]Cases n of O => m | (S p) => (S (add p m)) end. +\end{coq_example} + +The {\tt Cases} operator matches a value (here \verb:n:) with the +various constructors of its (inductive) type. The remaining arguments +give the respective values to be returned, as functions of the +parameters of the corresponding constructor. Thus here when \verb:n: +equals \verb:O: we return \verb:m:, and when \verb:n: equals +\verb:(S p): we return \verb:(S (add p m)):. + +The {\tt Cases} operator is formally described +in detail in section \ref{Caseexpr}. The system recognizes that in +the inductive call {\tt (add p m)} the first argument actually +decreases because it is a {\em pattern variable} coming from {\tt Cases + n of}. + +\begin{Variants} +\item {\tt Fixpoint {\ident} [ {\params} ] : \type$_0$ := +\term$_0$.}\\ + It declares a list of identifiers with their type + usable in the type \type$_0$ and the definition body \term$_0$ + and the last identifier in {\params} is the recursion variable. +\item {\tt Fixpoint {\ident$_1$} [ {\params$_1$} ] : + {\type$_1$} := {\term$_1$}\\ + with {\ldots} \\ + with {\ident$_m$} [ {\params$_m$} ] : {\type$_m$} := + {\type$_m$}}\\ + Allows to define simultaneously {\ident$_1$}, {\ldots}, + {\ident$_m$}. +\end{Variants} + +\Example The following definition is not correct and generates an +error message: + +\begin{coq_example} +Fixpoint wrongplus [n:nat] : nat->nat + := [m:nat]Cases m of O => n | (S p) => (S (wrongplus n p)) end. +\end{coq_example} + +because the declared decreasing argument {\tt n} actually does not +decrease in the recursive call. The function computing the addition +over the second argument should rather be written: + +\begin{coq_example*} +Fixpoint plus [n,m:nat] : nat + := Cases m of O => n | (S p) => (S (plus n p)) end. +\end{coq_example*} + +The ordinary match operation on natural numbers can be mimicked in the +following way. +\begin{coq_example*} +Fixpoint nat_match [C:Set;f0:C;fS:nat->C->C;n:nat] : C + := Cases n of O => f0 | (S p) => (fS p (nat_match C f0 fS p)) end. +\end{coq_example*} +The recursive call may not only be on direct subterms of the recursive +variable {\tt n} but also on a deeper subterm and we can directly +write the function {\tt mod2} which gives the remainder modulo 2 of a +natural number. +\begin{coq_example*} +Fixpoint mod2 [n:nat] : nat + := Cases n of + O => O + | (S p) => Cases p of O => (S O) | (S q) => (mod2 q) end + end. +\end{coq_example*} +In order to keep the strong normalisation property, the fixed point +reduction will only be performed when the argument in position of the +recursive variable (whose type should be in an inductive definition) +starts with a constructor. + +The {\tt Fixpoint} construction enjoys also the {\tt with} extension +to define functions over mutually defined inductive types or more +generally any mutually recursive definitions. + +\Example +The size of trees and forests can be defined the following way: +\begin{coq_eval} +Restore State Initial. +Variables A,B:Set. +Inductive tree : Set := node : A -> forest -> tree +with forest : Set := leaf : B -> forest + | cons : tree -> forest -> forest. +\end{coq_eval} +\begin{coq_example*} +Fixpoint tree_size [t:tree] : nat := + Cases t of (node a f) => (S (forest_size f)) end +with forest_size [f:forest] : nat := + Cases f of (leaf b) => (S O) + | (cons t f') => (plus (tree_size t) (forest_size f')) + end. +\end{coq_example*} +A generic command {\tt Scheme} is useful to build automatically various +mutual induction principles. It is described in section \ref{Scheme}. + +\subsubsection{{\tt CoFixpoint} {\ident} : +\type$_0$ := \term$_0$.}\comindex{CoFixpoint}\label{CoFixpoint} + +The {\tt CoFixpoint} command introduces a method for constructing an +infinite object of a coinduc\-tive type. For example, the stream +containing all natural numbers can be introduced applying the +following method to the number \texttt{O}: + +\begin{coq_example*} +CoInductive Set Stream := Seq : nat->Stream->Stream. +Definition hd := [x:Stream]Cases x of (Seq a s) => a end. +Definition tl := [x:Stream]Cases x of (Seq a s) => s end. +\end{coq_example*} +\begin{coq_example} +CoFixpoint from : nat->Stream := [n:nat](Seq n (from (S n))). +\end{coq_example} + +Oppositely to recursive ones, there is no decreasing argument in a +co-recursive definition. To be admissible, a method of construction +must provide at least one extra constructor of the infinite object for +each iteration. A syntactical guard condition is imposed on +co-recursive definitions in order to ensure this: each recursive call +in the definition must be protected by at least one constructor, and +only by constructors. That is the case in the former definition, where +the single recursive call of \texttt{from} is guarded by an +application of \texttt{Seq}. On the contrary, the following recursive +function does not satisfy the guard condition: + +\begin{coq_example*} +CoFixpoint filter : (nat->bool)->Stream->Stream := + [p:nat->bool] + [s:Stream] + if (p (hd s)) then (Seq (hd s) (filter p (tl s))) + else (filter p (tl s)). +\end{coq_example*} + +\noindent Notice that the definition contains an unguarded recursive +call of \texttt{filter} on the \texttt{else} branch of the test. + +The elimination of co-recursive definition is done lazily, i.e. the +definition is expanded only when it occurs at the head of an +application which is the argument of a case expression. Isolate, it +is considered as a canonical expression which is completely +evaluated. We can test this using the command \texttt{Eval}, +which computes the normal forms of a term: + +\begin{coq_example} +Eval Compute in (from O). +Eval Compute in (hd (from O)). +Eval Compute in (tl (from O)). +\end{coq_example} + +As in the \texttt{Fixpoint} command (cf. section~\ref{Fixpoint}), it +is possible to introduce a block of mutually dependent methods. The +general syntax for this case is: + +{\tt CoFixpoint {\ident$_1$} :{\type$_1$} := {\term$_1$}\\ + with\\ + \mbox{}\hspace{0.1cm} $\ldots$ \\ + with {\ident$_m$} : {\type$_m$} := {\term$_m$}} + +\subsection{Statement and proofs} + +A statement claims a goal of which the proof is then interactively done +using tactics. More on the proof editing mode, statements and proofs can be +found in chapter \ref{Proof-handling}. + +\subsubsection{\tt Theorem {\ident} : {\type}.} +\comindex{Theorem} +This command binds {\type} to the name {\ident} in the +environment, provided that a proof of {\type} is next given. + +After a statement, Coq needs a proof. + +\begin{Variants} + +\item {\tt Lemma {\ident} : {\type}.}\comindex{Lemma}\\ +It is a synonymous of \texttt{Theorem} +\item {\tt Remark {\ident} : {\type}.}\comindex{Remark}\\ +Same as {\tt Theorem} except +that if this statement is in a section then the name {\ident} will be unknown +when the current section (see \ref{Section}) will be closed. All +proofs of persistent objects (such as theorems) referring to {\ident} +within the section will be replaced by the proof of {\ident}. +\item {\tt Definition {\ident} : {\type}.} \\ +Allow to define a term of type {\type} using the proof editing mode. It +behaves as {\tt Theorem} except the defined term will be transparent (see +\ref{Transparent}, \ref{Unfold}). +\end{Variants} + +\subsubsection{{\tt Proof} {\tt .} \dots {\tt Qed} {\tt .}} + +A proof starts by the keyword {\tt Proof}. Then {\Coq} enters the +proof editing mode until the proof is completed. The proof editing +mode essentially contains tactics that are described in chapter +\ref{Tactics}. Besides tactics, there are commands to manage the proof +editing mode. They are described in chapter \ref{Proof-handling}. When +the proof is completed it should be validated and put in the +environment using the keyword {\tt Qed}. +\medskip + +\ErrMsg +\begin{enumerate} +\item \errindex{Clash with previous constant {\ident}} +\end{enumerate} + +\begin{Remarks} +\item Several statements can be simultaneously opened. +\item Not only other statements but any vernacular command can be given +within the proof editing mode. In this case, the command is +understood as if it would have been given before the statements still to be +proved. +\item {\tt Proof} is recommended but can currently be omitted. On the +opposite, {\tt Qed} is mandatory to validate a proof. +\end{Remarks} + +\begin{Variants} +\item {\tt Proof} {\tt .} \dots {\tt Defined} {\tt .}\\ + \comindex{Proof} + Same as {\tt Proof} {\tt .} \dots {\tt Qed} {\tt .} but it is + intended to surround a definition built using the proof-editing mode. +\item {\tt Proof} {\tt .} \dots {\tt Save.}\\ + Same as {\tt Proof} {\tt .} \dots {\tt Qed} {\tt .} +\item {\tt Goal} \type \dots {\tt Save} \ident \\ + Same as {\tt Lemma} \ident {\tt :} \type \dots {\tt Save.} + This is intended to be used in the interactive mode. Conversely to named + lemmas, anonymous goals cannot be nested. +\end{Variants} +\comindex{Proof} +\comindex{Qed} +\comindex{Save} +\comindex{Goal} + +% Local Variables: +% mode: LaTeX +% TeX-master: "Reference-Manual" +% End: + +% $Id$ |