Lec13
How to Prove it:
Given a conjecture you want to prove you should:
- Check contracts & perform contract completion if needed
- Make sure you understand what the conjecture is claiming (restate to yourself in english)
- See if you can find a counterexample
- If you can’t try to prove that the conjecture is a theorem (One often iterates over the preceding two steps)
2nd Level Techniques (more tactics and less overall campaign objectives):
- Possibly split the conjecture into lemmas (e.g., if it is of the
form
(and ...)) - If the conjecture seems true, can you generalize it?
- For example given
(app (app a a) a) = (app a (app a a)), generalize to(app (app a b) c) = (app a (app b c))(Notice that the generalized conjecture is much more powerful. Often times the more powerful general case is easier to solve, because we wipe away some of the inadvertent details.)
What do we have in our repertoire?
During the proof process, we have at our disposal:
- All the axioms (
consaxioms,ifaxioms, …) - All the theorems we have proved so far
- All the definitional axioms (Def of
app,len, …) - All the contract theorems (Contract of
app,len, …)
Recall that you can invoke these axioms and theorems at any time in the proof with any instantiation. We “roll deep.”
This is a vast arsenal that will help you prove theorems.
If you get a statement in English
(Make that mathematical English or even better, some more formal language)
Starting with words “^v^v^v^v^v^v^v^v^v^v^v^v” (A la Charlie Brown)
-1. Reformulate the conjecture into our formal language.
0. Generalize the claim to the actual interesting version
1. Write down this version as Conjecture: and give it a name usually
2. Exportation: extract the context by rewriting the conjecture into the form: where there are as many hyps as possible. Any propositional logic simplification is allowed (e.g., negate and swap).
3. Contract completion
4. Context
5. Derived Context. (These are the obvious things that follow from the context + axioms/theorems)
- Common patterns:
– (endp x), (tlp x): (== x nil)
– (tlp x), (consp x): (tlp (rest x))
– φ1 ∧ … ∧ φn -> ψ: Derive φ1,…,φn and use MP to derive ψ
6. Goal
7. Proof. Use the proof format in class.
- For equality, start with LHS/RHS and end with RHS/LHS or start w/ LHS & reduce, then start w/ RHS & reduce to the same thing
- For transitive relations (㱺, <, ≤, …) the same proof format works
- For anything else reduce to t
Continuing from last time
(implies (ne-tlp ls)
(implies
(implies (tlp (rest ls))
(implies (in2 a (rest ls))
(in2 a (rev2 (rest ls)))))
(implies (tlp ls)
(implies (in2 a ls)
(in2 a (rev2 ls))))))
```
### A taste of things to come.
```lisp
(defthm in-rev
(implies (tlp ls)
(implies (in2 a ls)
(in2 a (rev2 ls)))))
```
## Exemplary Proofs
A. If a is in l, b is in l and c is in l, then the length of l <= 3.
B Suppose 1 is in x and 2 is in x.
Suppose further that if a is a value that differs from 1 and from 2, it is not in x.
Then the length of is precisely 2.
C
```lisp
(definec del2 (a :all l :tl) :tl
(cond
((endp l) l)
((equal a (car l)) (cdr l))
(t (cons (car l) (del2 a (cdr l))))))
```
Suppose that every element of `x` is in `y`.
Suppose further I delete `a` from `x` and call the result `x^`.
Suppose further still I delete `a` from `y` and call the result `y^`
Then every element of `x^` is in `y^`
Is that true? What do we do?
## Contexts vs. Theorem
How do we think about a context vs. a theorem?
We can _instantiate_ a theorem, since it holds generally. The _context_ is fixed in any particular situation.
(implies (endp x)
(endp y)) ```
We had better not confuse (endp x) with something that holds for all values of x!