co-inductive predicates and bisimilarity · definitions recallthedefinitionof llist: set implicit...
TRANSCRIPT
![Page 1: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/1.jpg)
Co-inductive predicates andbisimilarityCoq’Art section 13.6–13.7Koen Timmermans and Marnix Suilen
1
![Page 2: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/2.jpg)
Definitions
Recall the definition of LList:
Set Implicit Arguments.
CoInductive LList (A:Set) : Set :=LNil : LList A |LCons : A -> LList A -> LList A.
Implicit Arguments LNil [A].
And the definition of from:
CoFixpoint from (n:nat) : LList nat := LCons n (from (S n)).
And of repeat:
CoFixpoint repeat (A:Set)(a:A) : LList A := LCons a (repeat a).
2
![Page 3: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/3.jpg)
Definitions
Recall the definition of LList:
Set Implicit Arguments.
CoInductive LList (A:Set) : Set :=LNil : LList A |LCons : A -> LList A -> LList A.
Implicit Arguments LNil [A].
And the definition of from:
CoFixpoint from (n:nat) : LList nat := LCons n (from (S n)).
And of repeat:
CoFixpoint repeat (A:Set)(a:A) : LList A := LCons a (repeat a).
2
![Page 4: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/4.jpg)
Definitions
Recall the definition of LList:
Set Implicit Arguments.
CoInductive LList (A:Set) : Set :=LNil : LList A |LCons : A -> LList A -> LList A.
Implicit Arguments LNil [A].
And the definition of from:
CoFixpoint from (n:nat) : LList nat := LCons n (from (S n)).
And of repeat:
CoFixpoint repeat (A:Set)(a:A) : LList A := LCons a (repeat a).
2
![Page 5: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/5.jpg)
Recall from_unfold
Lemma from_unfold: forall n:nat , from n = LCons n (from (S n)).Proof.intro n.LList_unfold (from n).simpl.reflexivity.Qed.
3
![Page 6: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/6.jpg)
Recall Guard conditions
A definition by cofixpoint is only accepted if all recursive calls occur inside one of thearguments of a constructor of the co-inductive type.
4
![Page 7: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/7.jpg)
Co-inductive Predicates
• Used for properties on co-inductive types that cannot be defined inductively.
• Example: infiniteness of LLists.– Finiteness can be proven with a finite number of applications of Finite_LCons to a
term obtained with Finite_LNil.An inductive predicate.
– Infiniteness cannot be proven this way.It needs a co-inductive predicate.
5
![Page 8: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/8.jpg)
Co-inductive Predicates
• Used for properties on co-inductive types that cannot be defined inductively.• Example: infiniteness of LLists.
– Finiteness can be proven with a finite number of applications of Finite_LCons to aterm obtained with Finite_LNil.
An inductive predicate.– Infiniteness cannot be proven this way.
It needs a co-inductive predicate.
5
![Page 9: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/9.jpg)
Co-inductive Predicates
• Used for properties on co-inductive types that cannot be defined inductively.• Example: infiniteness of LLists.
– Finiteness can be proven with a finite number of applications of Finite_LCons to aterm obtained with Finite_LNil.An inductive predicate.
– Infiniteness cannot be proven this way.It needs a co-inductive predicate.
5
![Page 10: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/10.jpg)
Co-inductive Predicates
• Used for properties on co-inductive types that cannot be defined inductively.• Example: infiniteness of LLists.
– Finiteness can be proven with a finite number of applications of Finite_LCons to aterm obtained with Finite_LNil.An inductive predicate.
– Infiniteness cannot be proven this way.It needs a co-inductive predicate.
5
![Page 11: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/11.jpg)
Predicate for Infinite
This is a predicate that indicates that a LList is infinite.
CoInductive Infinite (A:Set) : LList A -> Prop :=Infinite_LCons :forall (a:A) (l : LList A), Infinite l -> Infinite (LCons a l).
6
![Page 12: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/12.jpg)
Infinite proofs
• We want to prove that from n yields infinite lists for every natural number n.
• We do this by building an inhabitant of the type forall n:nat, Infinite (from n).• For this, we need a co-recursive function of which this is a fixpoint.We define
Definition F_from :(forall n:nat , Infinite (from n)) -> forall n:nat , Infinite (from n).
We have to prove that this satisfies the guard condition.intro H.intro n.rewrite (from_unfold n).split.apply H.Defined.
7
![Page 13: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/13.jpg)
Infinite proofs
• We want to prove that from n yields infinite lists for every natural number n.• We do this by building an inhabitant of the type forall n:nat, Infinite (from n).
• For this, we need a co-recursive function of which this is a fixpoint.We define
Definition F_from :(forall n:nat , Infinite (from n)) -> forall n:nat , Infinite (from n).
We have to prove that this satisfies the guard condition.intro H.intro n.rewrite (from_unfold n).split.apply H.Defined.
7
![Page 14: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/14.jpg)
Infinite proofs
• We want to prove that from n yields infinite lists for every natural number n.• We do this by building an inhabitant of the type forall n:nat, Infinite (from n).• For this, we need a co-recursive function of which this is a fixpoint.
We define
Definition F_from :(forall n:nat , Infinite (from n)) -> forall n:nat , Infinite (from n).
We have to prove that this satisfies the guard condition.intro H.intro n.rewrite (from_unfold n).split.apply H.Defined.
7
![Page 15: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/15.jpg)
Infinite proofs
• We want to prove that from n yields infinite lists for every natural number n.• We do this by building an inhabitant of the type forall n:nat, Infinite (from n).• For this, we need a co-recursive function of which this is a fixpoint.We define
Definition F_from :(forall n:nat , Infinite (from n)) -> forall n:nat , Infinite (from n).
We have to prove that this satisfies the guard condition.intro H.intro n.rewrite (from_unfold n).split.apply H.Defined.
7
![Page 16: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/16.jpg)
Infinite proofs
• We want to prove that from n yields infinite lists for every natural number n.• We do this by building an inhabitant of the type forall n:nat, Infinite (from n).• For this, we need a co-recursive function of which this is a fixpoint.We define
Definition F_from :(forall n:nat , Infinite (from n)) -> forall n:nat , Infinite (from n).
We have to prove that this satisfies the guard condition.
intro H.intro n.rewrite (from_unfold n).split.apply H.Defined.
7
![Page 17: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/17.jpg)
Infinite proofs
• We want to prove that from n yields infinite lists for every natural number n.• We do this by building an inhabitant of the type forall n:nat, Infinite (from n).• For this, we need a co-recursive function of which this is a fixpoint.We define
Definition F_from :(forall n:nat , Infinite (from n)) -> forall n:nat , Infinite (from n).
We have to prove that this satisfies the guard condition.intro H.intro n.rewrite (from_unfold n).split.apply H.Defined.
7
![Page 18: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/18.jpg)
The cofix tactic
• The cofix tactic automates much of the above:
Theorem from_Infinite_V0 : forall n:nat , Infinite (from n).Proof cofix H : forall n:nat , Infinite (from n) := F_from H.
• To prove a property P, where P uses a co-inductive predicate, one should construct a termof the form cofix H : P := t.
• Here, t has type P in the context with a hypothesis H : P.The term we obtain satisfies the guard condition.
• This can also be done without explicitly mentioning P.Theorem from_Infinite_V1 : forall n:nat , Infinite (from n).Proof.cofix H.apply (F_from H).Qed.
8
![Page 19: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/19.jpg)
The cofix tactic
• The cofix tactic automates much of the above:Theorem from_Infinite_V0 : forall n:nat , Infinite (from n).Proof cofix H : forall n:nat , Infinite (from n) := F_from H.
• To prove a property P, where P uses a co-inductive predicate, one should construct a termof the form cofix H : P := t.
• Here, t has type P in the context with a hypothesis H : P.The term we obtain satisfies the guard condition.
• This can also be done without explicitly mentioning P.Theorem from_Infinite_V1 : forall n:nat , Infinite (from n).Proof.cofix H.apply (F_from H).Qed.
8
![Page 20: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/20.jpg)
The cofix tactic
• The cofix tactic automates much of the above:Theorem from_Infinite_V0 : forall n:nat , Infinite (from n).Proof cofix H : forall n:nat , Infinite (from n) := F_from H.
• To prove a property P, where P uses a co-inductive predicate, one should construct a termof the form cofix H : P := t.
• Here, t has type P in the context with a hypothesis H : P.The term we obtain satisfies the guard condition.
• This can also be done without explicitly mentioning P.Theorem from_Infinite_V1 : forall n:nat , Infinite (from n).Proof.cofix H.apply (F_from H).Qed.
8
![Page 21: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/21.jpg)
The cofix tactic
• The cofix tactic automates much of the above:Theorem from_Infinite_V0 : forall n:nat , Infinite (from n).Proof cofix H : forall n:nat , Infinite (from n) := F_from H.
• To prove a property P, where P uses a co-inductive predicate, one should construct a termof the form cofix H : P := t.
• Here, t has type P in the context with a hypothesis H : P.The term we obtain satisfies the guard condition.
• This can also be done without explicitly mentioning P.Theorem from_Infinite_V1 : forall n:nat , Infinite (from n).Proof.cofix H.apply (F_from H).Qed.
8
![Page 22: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/22.jpg)
The cofix tactic
• The cofix tactic automates much of the above:Theorem from_Infinite_V0 : forall n:nat , Infinite (from n).Proof cofix H : forall n:nat , Infinite (from n) := F_from H.
• To prove a property P, where P uses a co-inductive predicate, one should construct a termof the form cofix H : P := t.
• Here, t has type P in the context with a hypothesis H : P.The term we obtain satisfies the guard condition.
• This can also be done without explicitly mentioning P.Theorem from_Infinite_V1 : forall n:nat , Infinite (from n).Proof.cofix H.apply (F_from H).Qed.
8
![Page 23: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/23.jpg)
And we can use this tactic in an interactive way.
Theorem from_Infinite : forall n:nat , Infinite (from n).Proof.cofix H.intro n.rewrite (from_unfold n).apply Infinite_LCons.apply H.Qed.
9
![Page 24: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/24.jpg)
Guard condition violation
Lemma from_Infinite_buggy :forall n:nat , Infinite (from n).
Proof.cofix H.auto with llists.
Proof completed.
Qed.
Error: Recursive definition of "H" is ill-formed. In environment
H: V n:nat , Infinite (from n)unguarded recursive call in "H"
10
![Page 25: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/25.jpg)
Guard condition violation
Lemma from_Infinite_buggy :forall n:nat , Infinite (from n).
Proof.cofix H.auto with llists.
Proof completed.
Qed.
Error: Recursive definition of "H" is ill-formed. In environment
H: V n:nat , Infinite (from n)unguarded recursive call in "H"
10
![Page 26: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/26.jpg)
Guard condition violation
Lemma from_Infinite_buggy :forall n:nat , Infinite (from n).
Proof.cofix H.auto with llists.
Proof completed.
Qed.
Error: Recursive definition of "H" is ill-formed. In environment
H: V n:nat , Infinite (from n)unguarded recursive call in "H"
10
![Page 27: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/27.jpg)
The Guarded tactic
Check for guard violations after using an auto command:
Lemma from_Infinite_buggy : ..Proof.cofix H.auto with llists.Guarded.
Error: Recursive definition of "H" is ill-formed.Undo.intro n; rewrite (from_unfold n).split; auto.Guarded.
The condition holds up to hereQed.
11
![Page 28: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/28.jpg)
The Guarded tactic
Check for guard violations after using an auto command:Lemma from_Infinite_buggy : ..Proof.cofix H.auto with llists.Guarded.
Error: Recursive definition of "H" is ill-formed.Undo.intro n; rewrite (from_unfold n).split; auto.Guarded.
The condition holds up to hereQed.
11
![Page 29: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/29.jpg)
The Guarded tactic
Check for guard violations after using an auto command:Lemma from_Infinite_buggy : ..Proof.cofix H.auto with llists.Guarded.
Error: Recursive definition of "H" is ill-formed.
Undo.intro n; rewrite (from_unfold n).split; auto.Guarded.
The condition holds up to hereQed.
11
![Page 30: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/30.jpg)
The Guarded tactic
Check for guard violations after using an auto command:Lemma from_Infinite_buggy : ..Proof.cofix H.auto with llists.Guarded.
Error: Recursive definition of "H" is ill-formed.Undo.intro n; rewrite (from_unfold n).split; auto.Guarded.
The condition holds up to hereQed.
11
![Page 31: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/31.jpg)
The Guarded tactic
Check for guard violations after using an auto command:Lemma from_Infinite_buggy : ..Proof.cofix H.auto with llists.Guarded.
Error: Recursive definition of "H" is ill-formed.Undo.intro n; rewrite (from_unfold n).split; auto.Guarded.
The condition holds up to here
Qed.
11
![Page 32: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/32.jpg)
The Guarded tactic
Check for guard violations after using an auto command:Lemma from_Infinite_buggy : ..Proof.cofix H.auto with llists.Guarded.
Error: Recursive definition of "H" is ill-formed.Undo.intro n; rewrite (from_unfold n).split; auto.Guarded.
The condition holds up to hereQed.
11
![Page 33: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/33.jpg)
LNil is not infinite
Theorem LNil_not_Infinite : forall (A:Set), ~Infinite (LNil (A:=A)).Proof.intros A H.inversion H.Qed.
12
![Page 34: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/34.jpg)
Infiniteness of repeat
• We prove that repeat a yields an infinite LList A for any a of type A.• For this, we need an auxiliary lemma
Lemma repeat_unfold: forall A:Set , forall a:A,repeat a = LCons a (repeat a).
Proof.intro A.intro a.LList_unfold (repeat a).simpl.reflexivity.Qed.
13
![Page 35: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/35.jpg)
Infiniteness of repeat
• We prove that repeat a yields an infinite LList A for any a of type A.• For this, we need an auxiliary lemma
Lemma repeat_unfold: forall A:Set , forall a:A,repeat a = LCons a (repeat a).
Proof.intro A.intro a.LList_unfold (repeat a).simpl.reflexivity.Qed.
13
![Page 36: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/36.jpg)
We can use this lemma to prove the following theorem
Lemma repeat_infinite : forall (A:Set) (a:A), Infinite (repeat a).Proof.intro A.cofix a.intro b.
The proof state at this moment is
A : Seta : forall a : A, Infinite (repeat a)b : A============================Infinite (repeat b)
14
![Page 37: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/37.jpg)
We can use this lemma to prove the following theorem
Lemma repeat_infinite : forall (A:Set) (a:A), Infinite (repeat a).Proof.intro A.cofix a.intro b.
The proof state at this moment is
A : Seta : forall a : A, Infinite (repeat a)b : A============================Infinite (repeat b)
14
![Page 38: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/38.jpg)
We can use this lemma to prove the following theorem
Lemma repeat_infinite : forall (A:Set) (a:A), Infinite (repeat a).Proof.intro A.cofix a.intro b.
The proof state at this moment is
A : Seta : forall a : A, Infinite (repeat a)b : A============================Infinite (repeat b)
14
![Page 39: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/39.jpg)
A : Seta : forall a : A, Infinite (repeat a)b : A============================Infinite (repeat b)
We finish this by
rewrite (repeat_unfold b).apply Infinite_LCons.apply a.Qed.
15
![Page 40: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/40.jpg)
A : Seta : forall a : A, Infinite (repeat a)b : A============================Infinite (repeat b)
We finish this by
rewrite (repeat_unfold b).apply Infinite_LCons.apply a.Qed.
15
![Page 41: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/41.jpg)
Bisimilarity
Weaker form of equality: two things are the same if they look/behave the same.For LLists: two LList As are bisimilar if the first element of each LList A are equal, and thetails are bisimilar again:
CoInductive bisimilar (A:Set) : LList A -> LList A -> Prop :=| bisim_LNil : bisimilar LNil LNil| bisim_LCons : forall (a:A)(l l’ : LList A),
bisimilar l l’ -> bisimilar (LCons a l) (LCons a l’).
16
![Page 42: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/42.jpg)
Bisimilarity
Weaker form of equality: two things are the same if they look/behave the same.For LLists: two LList As are bisimilar if the first element of each LList A are equal, and thetails are bisimilar again:
CoInductive bisimilar (A:Set) : LList A -> LList A -> Prop :=| bisim_LNil : bisimilar LNil LNil| bisim_LCons : forall (a:A)(l l’ : LList A),
bisimilar l l’ -> bisimilar (LCons a l) (LCons a l’).
16
![Page 43: Co-inductive predicates and bisimilarity · Definitions Recallthedefinitionof LList: Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A -> LList](https://reader034.vdocument.in/reader034/viewer/2022042711/5f7b8965b583b24bed367e91/html5/thumbnails/43.jpg)
bisimilar is an equivalence relation
We end by showing that bisimilar is an equivalence relation.We use the built-in definitions from the Relations library.
Theorem bisimilar_equiv :forall (A:Set), equiv (LList A) (bisimilar (A:=A)).
We prove this theorem by introducing three lemmas, that claim that bisimilar as a relation isreflexive, symmetric and transitive.
See accompanying Coq file.
17