I want to prove that two factorial functions are equivalent in Coq using induction.
The base case n = 0
is easy, however, the induction case is more complicated. I see, that if I could rewrite (visit_fac_v2 n' (n * a))
to n * (visit_fac_v2 n' a)
, I would be done. However, translating this idea into Coq causes me troubles.
How would one go about proving this in Coq?
Fixpoint fac_v1 (n : nat) : nat :=
match n with
| 0 => 1
| S n' => n * (fac_v1 n')
end.
Fixpoint visit_fac_v2 (n a : nat) : nat :=
match n with
| 0 => a
| S n' => visit_fac_v2 n' (n * a)
end.
Definition fac_v2 (n : nat) : nat :=
visit_fac_v2 n 1.
Proposition equivalence_of_fac_v1_and_fac_v2 :
forall n : nat,
fac_v1 n = fac_v2 n.
Proof.
Abort.
A typical thing to do when proving that a direct-style function and its accumulator-based equivalent are equal is to state a stronger invariant which ought to be true for any value the accumulator may hold.
You can then specialise it to the value the function is called with thus obtaining the statement you are interested in as a corollary of the more general one.
The general statement here is as follows:
Theorem general_equivalence_of_fac_v1_and_fac_v2 :
forall n a : nat,
a * fac_v1 n = visit_fac_v2 n a.
And its proof is fairly straightforward (you do have to be careful and ensure that induction
comes before intro a
because you want the induction hypothesis to be valid for any a
):
Proof.
intros n; induction n; intro a.
- simpl ; ring.
- simpl ; rewrite <- IHn ; ring.
Qed.
Your proposition is a direct consequence of this more general theorem.
In the inductive case, you can apply the induction hypothesis and simplify the goal to:
visit_fac_v2 n 1 + n * visit_fac_v2 n 1 = visit_fac_v2 n (S n)
To prove this, you can use the following lemma:
Lemma visit_fac_v2_extract:
forall n a : nat,
visit_fac_v2 n a = a * visit_fac_v2 n 1.