--> ==========================================================
--> Proof scores for verifications of properties
--> including associativity and commutativity of _+_ and _*_
--> about Peano Style natural numbers
--> with named properties
--> kf151027
--> ==========================================================
-- How to read this file:
--   * each property is named by a Bool-valued predicate (+ri, +assoc, ...)
--     declared in a PRED-* module, then proved by induction on X;
--   * every `red` below is a proof obligation. Nothing in this file checks
--     the result, so the proof only stands if each reduction is seen to
--     return true when the file is loaded;
--   * equations added inside `open ... close` are assumptions (lemmas or
--     induction hypotheses). They are discarded at `close`.
-- NOTE(review): the back-quoted terms such as `x:Nat look like on-the-fly
-- declarations of fresh constants rather than variables -- confirm against
-- the CafeOBJ manual for the interpreter version in use.
-- NOTE(review): some op/vars declarations below omit the trailing " ." that
-- others carry; they are left exactly as written -- confirm the interpreter
-- accepts both forms.

--> ==========================================================
--> Peano style natural numbers
mod! PNAT {
  -- one sort, built from the constructors 0 and s_ (successor)
  [ Nat ]
  op 0 : -> Nat {constr} .
  op s_ : Nat -> Nat {constr} .
  -- equality over the natural numbers
  -- 0 never equals a successor; two successors are equal exactly when
  -- their arguments are.
  eq (0 = s(Y:Nat)) = false .
  eq (s(X:Nat) = s(Y:Nat)) = (X = Y) .
}

--> ==========================================================
--> PNAT with plus _+_ operation
mod! PNAT+ {
  pr(PNAT)
  -- _+_ is defined by recursion on its first argument. No assoc/comm
  -- attribute is given here: both are proved from these two equations below.
  op _+_ : Nat Nat -> Nat {r-assoc} .
  vars X Y : Nat .
  eq 0 + Y = Y .
  eq (s X) + Y = s(X + Y) .
}

--> ==========================================================
--> properties about PNAT+
mod PRED-PNAT+ {
  pr(PNAT+)
  -- declaration of CafeOBJ variables
  vars X Y Z : Nat .
  -- 0 is right identity of _+_
  op +ri : Nat -> Bool .
  eq +ri(X) = (X + 0 = X) .
  -- associativity of _+_
  op +assoc : Nat Nat Nat -> Bool
  eq +assoc(X,Y,Z) = ((X + Y) + Z = X + (Y + Z)) .
  -- right successor of _+_
  op +rs : Nat Nat -> Bool
  eq +rs(X,Y) = (X + s(Y) = s(X + Y)) .
  -- commutativity of _+_
  op +comm : Nat Nat -> Bool
  eq +comm(X,Y) = (X + Y = Y + X) .
}

--> ==========================================================
--> Property of PRED-PNAT+
--> \forall X:Nat.(X + 0 = X)
--> (i.e. +ri(X:Nat) = true)
--> ==========================================================
-- Proof: By induction on X
select PRED-PNAT+ .
--> I induction base
red +ri(0) .
--> II induction step
-- the induction hypothesis +ri(`x) is the premise of the implication
red +ri(`x:Nat) implies +ri(s(`x)) .
--> QED
--> ==========================================================

--> ==========================================================
--> Property of PRED-PNAT+
--> \forall X,Y,Z:Nat.((X + Y) + Z = X + (Y + Z))
--> (i.e. +assoc(X:Nat,Y:Nat,Z:Nat) = true)
--> ==========================================================
-- Proof: By induction on X
select PRED-PNAT+ .
--> I induction base
red +assoc(0,`y:Nat,`z:Nat) .
--> II induction step
red +assoc(`x:Nat,`y:Nat,`z:Nat) implies +assoc((s `x),`y,`z) .
--> QED
--> ==========================================================

--> ==========================================================
--> Property \forall X,Y:Nat.(X + s(Y) = s(X + Y))
--> (i.e. +rs(X:Nat,Y:Nat) = true)
--> ==========================================================
-- Proof: By induction on X
select PRED-PNAT+ .
--> I induction base
red +rs(0,`y:Nat) .
--> II induction step
red +rs(`x:Nat,`y:Nat) implies +rs(s(`x),`y) .
--> QED
--> ==========================================================

--> ==========================================================
--> Property \forall X,Y:Nat.(X + Y = Y + X)
--> (i.e. +comm(X,Y) = true)
--> ==========================================================
-- Proof: By induction on X
--> I induction base
select PRED-PNAT+ .
-- uses +ri(X:Nat) as a lemma.
-- (+ri is the first property proved in this file; here it appears as the
-- premise of the implication rather than as an added equation)
red +ri(`y:Nat) implies +comm(0,`y) .
--> II induction step
open PRED-PNAT+ .
-- +rs(X:Nat,Y:Nat) is already proved
-- (the proof immediately above). The equation is added as an assumption,
-- so this step is only as sound as that earlier proof.
eq X:Nat + (s Y:Nat) = s (X + Y) .
-- check
red +comm(`x:Nat,`y:Nat) implies +comm((s `x),`y) .
close
--> QED
-- ==========================================================

-- ==========================================================
--> PNAT with _+_ and _*_ operations
mod! PNAT+* {
  pr(PNAT)
  vars X Y : Nat .
  -- notice that assoc and comm of _+_ are already proved
  -- NOTE(review): the {assoc comm} attributes below are assumptions made
  -- when this operator is declared; nothing in this module re-derives them.
  -- The justification is the pair of proofs above, which were carried out
  -- over PNAT+. This module imports PNAT, not PNAT+, and restates the two
  -- equations of _+_; they match PNAT+ up to the spelling (s X) vs s(X).
  -- If either definition is edited, the earlier proofs no longer cover
  -- this operator.
  op _+_ : Nat Nat -> Nat {assoc comm prec: 30}
  eq 0 + Y = Y .
  eq s(X) + Y = s(X + Y) .
  -- _*_ connects stronger than _+_
  -- because it has smaller precedence (prec:)
  op _*_ : Nat Nat -> Nat {prec: 29 r-assoc}
  eq 0 * Y = 0 .
  eq s(X) * Y = Y + (X * Y) .
}

-- ==========================================================
--> properties about PNAT+*
mod PRED-PNAT+* {
  pr(PNAT+*)
  -- CafeOBJ variables
  vars X Y Z : Nat
  -- _*_ distributes over _+_ from right
  op *distr : Nat Nat Nat -> Bool
  eq *distr(X,Y,Z) = ((X + Y) * Z = X * Z + Y * Z) .
  -- associativity of _*_
  op *assoc : Nat Nat Nat -> Bool
  eq *assoc(X,Y,Z) = ((X * Y) * Z = X * (Y * Z)) .
  -- 0 is right zero of _*_
  op *rz : Nat -> Bool
  eq *rz(X) = (X * 0 = 0) .
  -- right successor of _*_
  op *rs : Nat Nat -> Bool
  eq *rs(X,Y) = (X * s(Y) = X + (X * Y)) .
  -- commutativity of _*_
  op *comm : Nat Nat -> Bool
  eq *comm(X,Y) = (X * Y = Y * X) .
}

--> ==========================================================
--> Property
--> \forall X,Y,Z:Nat.((X + Y) * Z = X * Z + Y * Z)
--> (i.e. *distr(X:Nat,Y:Nat,Z:Nat) = true)
--> ==========================================================
-- Proof: By induction on X
--> I induction base
select PRED-PNAT+* .
red *distr(0,`y:Nat,`z:Nat) .
--> II induction step
open PRED-PNAT+* .
-- induction hypothesis
-- x is a constant declared for this step only; the hypothesis is stated
-- for that x with Y and Z left as variables.
op x : -> Nat .
eq (x + Y:Nat) * Z:Nat = (x * Z) + (Y * Z) .
-- check
red *distr((s x),`y:Nat,`z:Nat) .
close
--> QED
--> ==========================================================

--> ==========================================================
--> Property of PRED-PNAT+*
--> \forall X,Y,Z:Nat.((X * Y) * Z = X * (Y * Z))
--> (i.e. *assoc(X:Nat,Y:Nat,Z:Nat) = true)
--> ==========================================================
-- Proof: By induction on X
--> I induction base
select PRED-PNAT+* .
red *assoc(0,`y:Nat,`z:Nat) .
--> II induction step
open PRED-PNAT+* .
-- *distr(X:Nat,Y:Nat,Z:Nat) is already proved
-- (the proof immediately above); added here as an assumption.
eq (X:Nat + Y:Nat) * Z:Nat = (X * Z) + (Y * Z) .
-- induction hypothesis
op x : -> Nat .
eq (x * Y:Nat) * Z:Nat = x * (Y * Z) .
-- check
red *assoc(s(x),`y:Nat,`z:Nat) .
close
--> QED
--> ==========================================================

--> ==========================================================
--> Property \forall X:Nat.(X * 0 = 0)
--> (i.e. *rz(X:Nat) = true)
--> ==========================================================
-- Proof: By induction on X
select PRED-PNAT+* .
--> I induction base
red *rz(0) .
--> II induction step
red *rz(`x:Nat) implies *rz(s(`x)) .
--> QED
-- ==========================================================

--> ==========================================================
--> Property \forall X,Y:Nat.(X * s(Y) = X + (X * Y))
--> (i.e. *rs(X:Nat,Y:Nat) = true)
--> ==========================================================
-- Proof: By induction on X
--> I induction base
select PRED-PNAT+* .
red *rs(0,`y:Nat) .
--> II induction step
open PRED-PNAT+* .
-- induction hypothesis
op x : -> Nat .
eq x * s(Y:Nat) = x + (x * Y) .
-- check
red *rs((s x),`y:Nat) .
close
--> QED
-- ==========================================================

--> ==========================================================
--> Property \forall X,Y:Nat.(X * Y = Y * X)
--> (i.e. *comm(X:Nat,Y:Nat) = true)
--> ==========================================================
-- Proof: By induction on X
--> I induction base
select PRED-PNAT+* .
-- *rz(X:Nat) is already proved
-- (two proofs above); used as the premise of the implication.
red *rz(`y:Nat) implies *comm(0,`y:Nat) .
--> II induction step
open PRED-PNAT+* .
-- *rs(X:Nat,Y:Nat) is already proved
-- (the proof immediately above); added here as an assumption.
eq X:Nat * (s Y:Nat) = X + (X * Y) .
-- induction hypothesis
-- stated only for the constant x as the left argument of _*_
op x : -> Nat .
eq x * Y:Nat = Y:Nat * x .
-- check
red *comm((s x),`y:Nat) .
close
--> QED
-- ==========================================================

-- ==========================================================
--> end
-- ==========================================================