Every inductive definition comes with an induction
principle. For instance, if we define the type
Inductive nat :=
| O : nat
| S : nat->nat.
we get the induction principle nat_ind, which asserts
the following proposition:
forall P : nat -> Prop,
P O ->
(forall n : nat, P n -> P (S n)) ->
forall n : nat, P n
You can use the command Check nat_ind to display the induction principle. The induction principle is all that is needed to do inductive proofs. Here is an example.
forall P : nat -> Prop,
P O ->
(forall n : nat, P n -> P (S n)) ->
forall n : nat, P n
You can use the command Check nat_ind to display the induction principle. The induction principle is all that is needed to do inductive proofs. Here is an example.
Fixpoint plus x y := match x with
| O => y
| S x' => plus x' (S y)
end.
Lemma L : forall x y, plus (S x) y = S(plus x y).
Proof.
apply (nat_ind (fun x => forall y, plus (S x) y = S(plus x y))).
intro y. simpl. reflexivity.
intros n IHn y. simpl. rewrite <- IHn. simpl. reflexivity.
Qed.
The trick consists in applying nat_ind with the
right predicate P. Stating P explicitly is
instructive but takes work. The induction tactic
attempts to derive P and in case of success applies
the induction principle. This frees you from
bureaucracy.
Lemma L' : forall x y, plus (S x) y = S(plus x y).
Proof.
induction x.
intro y. simpl. reflexivity.
intro y. simpl. rewrite <- IHx. simpl. reflexivity.
Qed.
Note that intro y.simpl. is applied to both
subgoals created by the induction hypothesis. Thus we
can shorten the proof using semicolon.
Lemma L'' : forall x y, plus (S x) y = S(plus x y).
Proof.
induction x; intro y; simpl.
reflexivity.
rewrite <- IHx. simpl. reflexivity.
Qed.
By using auto we can shorten the proof even
further.
Lemma L''' : forall x y, plus (S x) y = S(plus x y).
Proof.
induction x; intro y; simpl; auto.
rewrite <- IHx. auto.
Qed.
This page has been generated by coqdoc