--> ========================================================== --> Proof scores for verifications of properties (including --> associativity and commutativity of _+_ and _*_) about --> Peano Style natural numbers --> kf151028 --> ========================================================== --> Peano style natural numbers mod! PNAT { [ Nat ] op 0 : -> Nat {constr} . op s_ : Nat -> Nat {constr} . -- equality over the natural numbers eq (0 = (s Y:Nat)) = false . eq ((s X:Nat) = (s Y:Nat)) = (X = Y) . } --> PNAT with plus _+_ operation mod! PNAT+ { pr(PNAT) op _+_ : Nat Nat -> Nat {r-assoc} . vars X Y : Nat . eq 0 + Y = Y . eq (s X) + Y = s (X + Y) . } --> ========================================================== --> Property of PNAT+: _+_ is associative (+assoc) --> eq[+assoc]: eq (X:Nat + Y:Nat) + Z:Nat = X + (Y + Z) . --> ========================================================== -- Proof: By induction on X --> I Induction Base select PNAT+ . red (0 + `y:Nat) + `z:Nat = 0 + (`y + `z) . --> II Induction Step open PNAT+ . -- induction hypothesis op x : -> Nat . eq (x + Y:Nat) + Z:Nat = x + (Y + Z) . -- check red ((s x) + `y:Nat) + `z:Nat = (s x) + (`y + `z) . close --> QED --> ========================================================== --> ========================================================== --> Property of PNAT+: 0 is right identity of _+_ (+rz) --> eq[+ri]: X:Nat + 0 = X . --> ========================================================== -- Proof: By induction on X --> I Induction Base select PNAT+ . red 0 + 0 = 0 . --> II Induction Step open PNAT+ . -- induction hypothesis op x : -> Nat . eq x + 0 = x . -- check red (s x) + 0 = (s x) . close --> QED --> ========================================================== --> ========================================================== --> Property of PNAT+: right successor of _+_ (+rs) --> eq[+rs]: X:Nat + (s Y:Nat) = s (X + Y) . --> ========================================================== -- Proof: By induction on X --> I Induction Base select PNAT+ . red 0 + (s `y:Nat) = s (0 + `y) . --> II Induction Step open PNAT+ . -- induction hypothesis op x : -> Nat . eq x + (s `y:Nat) = s (x + `y) . -- check red (s x) + (s `y:Nat) = s ((s x) + `y) . close -- --> QED --> ========================================================== --> ========================================================== --> Property of PNAT+: _+_ is commutative (+comm) --> eq[+comm]: X:Nat + Y:Nat = Y + X . --> ========================================================== -- Proof: By induction on X --> I Induction Base -- This case uses +rz(y) as a lemma. open PNAT+ . -- proved property eq[+ri]: X:Nat + 0 = X . -- check red 0 + `y:Nat = `y + 0 . close --> II Induction Step open PNAT+ . -- proved property eq[+rs]: X:Nat + (s Y:Nat) = s (X + Y) . -- induction hypothesis op x : -> Nat . eq x + Y:Nat = Y + x . -- check red (s x) + `y:Nat = `y + (s x) . close --> QED --> ========================================================== --> ========================================================== --> PNAT with _+_ and _*_ operations mod! PNAT+* { pr(PNAT) vars X Y : Nat . -- notice that assoc and comm of _+_ are already proved op _+_ : Nat Nat -> Nat {assoc comm prec: 30} eq 0 + Y = Y . eq s(X) + Y = s(X + Y) . -- _*_ connects stronger than _+_ -- because it has smaller precedence (prec:) op _*_ : Nat Nat -> Nat {prec: 29 r-assoc} eq 0 * Y = 0 . eq s(X) * Y = Y + (X * Y) . } ** "{assoc comm prec: 30}" declares that the operator "_+_" ** is associative and commutative and parsing precedence 30. --> ========================================================== --> Property of PNAT+*: --> _*_ distributes over _+_ from right (*distr) --> eq[*distr]: (X:Nat + Y:Nat) * Z:Nat = X * Z + Y * Z . --> ========================================================== -- Proof: By induction on X --> I Base case select PNAT+* . red (0 + `y:Nat) * `z:Nat = 0 * `z + `y * `z . --> II Induction step open PNAT+* . -- induction hypothesis op x : -> Nat . eq (x + Y:Nat) * Z:Nat = (x * Z) + (Y * Z) . -- check red ((s x) + `y:Nat) * `z:Nat = (s x) * `z + `y * `z . close --> QED --> ========================================================== --> ========================================================== --> Property of PNAT+*: _*_ is associative (*assoc) --> eq[*assoc]: (X:Nat * Y:Nat) * Z:Nat = X * (Y * Z) . --> ========================================================== -- Proof: By induction on X --> I Induction Base select PNAT+* . red (0 * `y:Nat) * `z:Nat = 0 * (`y * `z) . --> II Induction Step open PNAT+* . -- proved property eq[*distr]: (X:Nat + Y:Nat) * Z:Nat = (X * Z) + (Y * Z) . -- induction hypothesis op x : -> Nat . eq (x * `y:Nat) * `z:Nat = x * (`y * `z) . -- check red ((s x) * `y:Nat) * `z:Nat = (s x) * (`y * `z) . close --> QED --> ========================================================== --> ========================================================== --> Property of PNAT+*: 0 is right-zero of _*_ (*rz) --> eq[*rz]: X:Nat * 0 = 0 . --> ========================================================== -- Proof: By induction on X --> I Induction Base select PNAT+* . red 0 * 0 = 0 . --> II Induction Step open PNAT+* . -- induction hypothesis op x : -> Nat . eq x * 0 = 0 . -- check red (s x) * 0 = 0 . close --> QED --> ========================================================== --> ========================================================== --> Property of PNAT+*: right-successor of _*_ (*rs) --> eq[*rs]: X:Nat * (s Y:Nat) = X + (X * Y) . --> ========================================================== -- Proof: By induction on X --> I Induction Base select PNAT+* . red 0 * (s `y:Nat) = 0 + (0 * `y) . --> II Induction Step open PNAT+* . -- induction hypothesis op x : -> Nat . eq x * (s `y:Nat) = x + (x * `y) . -- check red (s x) * (s `y:Nat) = (s x) + ((s x) * `y) . close --> QED -- ========================================================== --> ========================================================== --> Property of PNAT+*: _*_ is commutative (*comm) --> eq[*comm]: X:Nat * Y:Nat = Y * X . --> ========================================================== -- Proof: By induction on X --> I Induction Base open PNAT+* . -- proved property eq[*rz]: X:Nat * 0 = 0 . -- check red 0 * `y:Nat = `y * 0 . close --> II Induction Step open PNAT+* . -- proved property eq[*rs]: X:Nat * (s Y:Nat) = X + (X * Y) . -- induction hypothesis op x : -> Nat . eq x * Y:Nat = Y * x . -- check red (s x) * `y:Nat = `y * (s x) . close --> QED --> ========================================================== -- ========================================================== -- end -- ==========================================================