What you're trying to prove doesn't hold if y <= z, because with nat a-b is zero if a <= b. Omega is a useful tactic to use for inequalities and simple arithmetic over nat. Require Import Omega. Theorem foo: forall x y z:nat, (x = 0 \/ z <=...

You can use tauto to prove it automatically: Section Question1. Variables P Q R: Prop. Hypotheses H1 : R -> P \/ Q. Hypotheses H2 : R -> ~Q. Theorem trans : R -> P. Proof. intro HR. tauto. Qed. If you want to prove it manually, H1 says that...

There is not much to prove. There is simply a rule (which can't be explained or broken down into anything smaller) that case statements which try to match undefined against a constructor result in undefined. Once you accept this rule, we can observe undefined ++ ys = { by definition...

proof,isabelle,theorem-proving,isar

It mostly depends on whether you are using the archaic (sorry for that ;)) apply-style or proper structured Isar for proving. I will give a small example to cover both styles. Assume you wanted to prove lemma "A & B" Where A and B just serve as placeholders for potentially...

haskell,proof,category-theory,correctness,idris

I believe that McBride has answered that question (for Type Theory) in his ornament paper (pdf). The concept you are looking for is the one of an algebraic ornament (emphasis mine): An algebra φ describes a structural method to interpret data, giving rise to a fold φ oper- ation, applying...

algorithm,asymptotic-complexity,proof,growth-rate

Your statement is not true, consider the following counter-example: Take f(n) = 2n2 = O(n2) and g(n) = n2 = O(n2). We have: (f-g)(n) = n2, which is definitely not a constant and hence (f-g)(n) ≠ O(1)....

algorithm,graph-algorithm,discrete-mathematics,proof

Disclaimer: I don't know how much formal you want your proof to be and I'm not familiar with formal proofs. induction on the while loop: Is it true at the beginning? Does it remain true after a step (quite simple path property)? same idea, induction on k (why k+1???): Is...

You want to do destruct (split A B tx). This will break it up, binding the two pieces to ta and tb

algorithm,time-complexity,proof,dht,kademlia

It has been a while since I've actually read the paper, so I'm mostly piecing this together from my implementation experience instead of trying to match the concepts that I have in my head to the formal definitions in the paper, so take the following with a little grain of...

This can be proven by induction, but as previous posters have shown, it's tricky to get formally correct when referring to K directly in the proof. Here's my suggestion: Let P(n) be the property we want to show: P(n) holds iff K(n) yields 1 for n = 1, and 0...

math,proof,prime-factoring,number-theory

Initially the process proceeds to search for the smallest factor of n smaller than its square root. If it doesn't have one, then n is prime. So print out n as it's one smallest prime factor! If you find a smallest factor then it must be prime. If not, it's...

Unfortunately, the theorem that you want to prove here is not in fact true, because Idris naturals truncate subtraction at 0. A counterexample to your theorem1 is n=3, m=0. Let's step through the evaluation: First, we substitute: 3 + (0 - 3) = 0 Next, we desugar the syntax to...

algorithm,asymptotic-complexity,proof,growth-rate

You're not thinking of this at large enough scale: If you have a variable, n multiplied by a constant k and n is growing, the effect of k is minimised. And it becomes a limit problem, from grade school calculus....

loops,logic,proof,turing-machines,halting-problem

You need to prove that H does not exist. You have shown that H applied to itself cannot print "does not halt". But, as you rightfully point out, the possibility that it prints "does halt" is not excluded. There's no apparent contradiction in this. So this application of H to...

proof,agda,idris,proof-of-correctness,isar

Coq has extensive libraries covering real analysis. Various developments come to mind: the standard library and projects building on it such as the now defunct coqtail project [1] (with extensive coverage of power series and quite a bit of work on Complex numbers) or the more recent coquelicot. All of...

logic,proof,logic-programming,first-order-logic

My guess would be model theory since the fixpoint semantics of a logic program is its model. However, we know that |= coincides with |- for logic programs, so the semantics based on proving (=resolution) coincide with the semantics based on the fixed points (models). The preceding discussion is valid...

Function application has higher precedence than ::. So, your code test_max test::(List.tl list) should indeed be test_max (test::List.tl list). Also, you shouldn't use a ; in this place, as it's used to separate unit instructions. Just put nothing and it'll be fine. As for some proof hints: n + m...

math,tree,minimum-spanning-tree,proof

The sets must have the same weight. Here's a simple proof: suppose they don't. Let's let T1 and T2 be MSTs for some graph G with different multisets of edge weights. Sort those edges into ascending order of weight. Since the two multisets of weights aren't the same, look at...

Suppose the input arrays are [a b c d e] and [x y] We start by trying to insert x into the larger array. We do binary search but we take a chance: We don't start in the middle but slightly to the left: We check x < b. If...

logic,proof,proof-of-correctness

Necessary / sufficient doesn't have much to do with soundness and completeness so I'll explain the two concepts separately. Necessary / sufficient: In your example, the two statements are equivalent: X>Y if and only if Y<X. So it is indeed the case that B implies A and A implies B....

The problem: powApplyI was not provably total, according to Idris. Idris' totality checker relies on being able to reduce parameters to structurally smaller forms, and with raw ZZs, this doesn't work. The answer is to delegate the recursion to plain old powApply (which is proven total): total powApplyI : ZZ...

algorithm,graph,tree,proof,spanning-tree

Negate all the edge weights in the graph. Then the problems get changed to Minimum Spanning Tree and Minimum Bottleneck Spanning Tree respectively. Now every Minimum Spanning Tree is also a Minimum Bottleneck Spanning Tree. Proof by Cut Property. http://flashing-thoughts.blogspot.in/2010/06/everything-about-bottleneck-spanning.html...

I'm fairly certain that this is not provable. Given your proof context: 4 subgoal a : aexp a0 : aexp st : state ______________________________________(1/4) (BEq a a0 = BTrue \/ BEq a a0 = BFalse) \/ (exists b' : bexp, BEq a a0 / st ==>b b') You need to...

algorithm,big-o,discrete-mathematics,proof

Your proof is 100% correct. An alternative one is using limits to infinity. lim_(x->infinity) (x+1)!/x! when x->infinity = lim_(x->infinity) x = infinity The above contradicts (x+1)! for being in O(x!)...

The claim minimax has is: Minimax is giving optimal strategy if the other player is also using the same strategy. Base: For a leaf in the game tree - there is only one strategy, which minimax obviously chooses, and it is optimal - since it is the only one. Hypothesis:...

pattern-matching,proof,agda,dependent-type

You can use the Agda keyword rewrite to apply a propositional equivalence on your goal: insertCorrect : ∀ {n} -> ∀ x l -> sorted n l -> sorted (n ⊓ x) (insert x l) insertCorrect {n} x nil p with intDec n x insertCorrect {n} x nil p |...

The most general answer I can come up with is that any greedy algorithm will find local optima. If a problem has several local optima where only one of them represent the global optimum, then any greedy algorithm might get stuck at one of the local optima. To find a...

Equational reasoning is fun! You'll get the knack of it pretty quickly, if you do a few proofs yourself. I warmly recommend ch. 13 of Graham Hutton's Programming in Haskell for a concise introduction. Anyway, you can prove that, for all equatable and finite (see Tom Ellis's answer) xs, ys...

equality,proof,agda,dependent-type,heterogeneous

In fact it should be easy to show that get (ρ′ , x′) equals get (ε ∷ ρ′ , suc⁺ x′). First, the reason that Agda does not see this equality is that the functions suc⁺ doesn't reduce for an argument of a general form x'. This is because...

The principle you want is known as functional extensionality; in its most general form, it says Axiom fun_ext : forall (A B : Type) (f g : A -> B), (forall x : A, f x = g x) -> f = g. Unfortunately, in spite of being useful, this...

For integers, either ring or omega should be able to solve such a goal. It can also be done manually. It helps to disable notations so that function names appear (in order use SearchAbout to find useful lemmas). The following is probably not the shortest possible proof, just the first...

algorithm,asymptotic-complexity,proof,growth-rate

Method 1: Let's take: f(n) = n^2 g(n) = n*logn f(n) is in Ω(g(n)) if there is c > 0 and n0 > 0 such that: f(n) >= c*g(n) for every n >= n0. This means: n*n >= c*n*logn |:n ( n>=n0>0 ) n >= c*logn Let's choose c=1 and...

proof,formal-methods,post-conditions,proof-of-correctness,hoare-logic

This question seems so simple that I am getting completely lost, what exactly is it asking for? The question is asking for you to formally prove that the program behaves as specified, by the rigorous application of a set of rules decided on in advance (as opposed to reading...