Week 8: Full Proof of Associativity:ΒΆ

Last time we proved associativity for the base case (aka case nil). This time we aim to fill the gap for the inductive step and complete the proof. Remember we try to prove

app (app xs ys) zs = app xs (app ys zs)

The base case is when xs = [] and we proved

app (app [] ys) zs = app [] (app ys zs)

For inductive step, we first give a diagrammatic proof. (On the board)

Notice that the inductive step which should be proved is

app (app (x::xs) ys) zs = app (x::xs) (app ys zs)

While the induction hypothesis is

app (app xs ys) zs = app xs (app ys zs)

The full proof is as follows

Signatures:
    app  : _a list -> _a list -> _a list ;
    rev  : _a list -> _a list ;

Definitions:
    [app nil] : forall xs : _a list . app [] xs = xs : _a list ;
    [app xs]  : forall x : _a . forall xs : _a list . forall ys : _a list . app (x::xs) ys = x :: app xs ys : _a list ;
    [rev nil] : rev [] = [] : _a list ;
    [rev xs]  : forall xs : _a list . forall x : _a . rev (x :: xs) = app (rev xs) (x :: []) : _a list ;


Theorem [lemma]:
    Statement: forall xs : _a list . forall ys : _a list . forall zs : _a list .
               app (app xs ys) zs = app xs (app ys zs) : _a list
    Proof:
        by induction on list:
        case nil:
            assume ys : _a list.
            assume zs : _a list.
            we know [prem 1] : app [] ys = ys : _a list because [app nil] with (ys).
            we know [prem 2] : app [] (app ys zs) = (app ys zs) : _a list because [app nil] with (app ys zs).

            we know [step 1] : app (app [] ys) zs = app ys zs : _a list because equality on ([prem 1]).
            we know [step 2] : app (app [] ys) zs = app [] (app ys zs) : _a list because equality on ([step 1];[prem 2]).
            by [step 2]

        case (x::xs): [IH] : forall ys : _a list . forall zs : _a list .
                        app (app xs ys) zs = app xs (app ys zs) : _a list .
            assume ys : _a list.
            assume zs : _a list.
            we know [prem 1] : app (x::xs) ys = x::(app xs ys) : _a list because [app xs] with (x;xs;ys).
            we know [prem 2] : app (x::(app xs ys)) zs = x::(app (app xs ys) zs) : _a list because [app xs] with (x;app xs ys;zs).
            we know [prem 3] : app (app xs ys) zs = app xs (app ys zs) : _a list because [IH] with (ys;zs).
            we know [prem 4] : app (x::xs) (app ys zs) = x::(app xs (app ys zs)) : _a list because [app xs] with (x;xs;app ys zs).

            we know [step 1] : app (app (x::xs) ys) zs = app (x::(app xs ys)) zs : _a list because equality on ([prem 1]).
            we know [step 2] : app (app (x::xs) ys) zs = x::(app (app xs ys) zs) : _a list because equality on ([step 1];[prem 2]).
            we know [step 3] : app (app (x::xs) ys) zs = x::(app xs (app ys zs)) : _a list because equality on ([step 2];[prem 3]).
            we know [step 4] : app (app (x::xs) ys) zs = app (x::xs) (app ys zs) : _a list because equality on ([step 3];[prem 4]).
            by [step 4]
    QED.

Now we can prove a more specific proposition

Theorem [example 6]:
    Statement: forall xs : _a list . forall x : _a . forall ys : _a list .
           app (app (rev ys) (rev xs)) (x::[]) = app (rev ys) (app (rev xs) (x::[])) : _a list
    Proof:
        assume xs : _a list .
        assume x : _a .
        assume ys : _a list .
        [lemma] with (rev ys; rev xs; x::[])
    QED.