Day21_sorting.tex
Today we'll be doing some in-depth proof translation, converting a variety of proofs from day 17's sorting case study.
We'll show four proofs here, followed by some discussion of how to talk about reflected definitions in your informal proofs.
Permutation_length
Theorem: If $l_1$ is a permutation of $l_2$, then the two lists are the same length.
Proof: By induction on the derivation of $\texttt{Permutation}(l_1, l_2)$.
(perm_nil) In this case, $l_1 = l_2 = \texttt{[]}$, and we must
show that they both have the same length. Which they do: they're
both of length 0.
(perm_skip) We have $l_1 = x::l_1'$ and $l_2 = x::l_2'$; our IH
is that $l_1'$ and $l_2'$ are the same length, and we must show
that $l_1$ and $l_2$ have the same length. These lists just cons
$x$ onto the front, and their tails have equal length according to
the IH, so they must be the same length.
(perm_swap) Here $l_1 = x::y::l'$ and $l_2 = y::x::l'$. These
lists are clearly of the same length---2 more than the length of
their common tail, $l'$.
(perm_trans) Here we have that $l_1$ is a permutation of some
list $l'$, which is a permutation of $l_2$. Our IHs say that (a)
$l_1$ and $l'$ have the same length and (b) $l_2$ and $l'$ have the
same length. So $l_1$ and $l_2$ must have the same length because
equality is transitive.
QED
monotonic_preserves_sortedness
Theorem: if $f : \mathbb{N} \rightarrow \mathbb{N}$ is monotonic, then mapping $f$ over a list preserves sortedness.
Proof: Suppose we have some monotonic $f$, i.e., $x \le y$ implies $f(x) \le f(y)$. We must show that if $l$ is sorted, then $\texttt{map}(f, l)$ is sorted. We go by induction on the derivation of $\texttt{sorted}(l)$.
(sorted_nil) $\texttt{map}(f, \texttt{[]}) = \texttt{[]}$; we
must show the empty list is sorted. By sorted_nil.
(sorted_1) $\texttt{map}(f, \texttt{[$x$]}) =
\texttt{[$f(x)$]}$. We must show this singleton list is sorted. By
sorted_1.
(sorted_cons) We have $l = x::y::l'$, where $x \le y$ and $y::l'$
is sorted. Our IH shows that $\texttt{map}(f, y::l')$ is sorted; we
must show that $\texttt{map}(f, x::y::l')$ is sorted.
We have $\texttt{map}(f, x::y::l') = f(x)::f(y)::\texttt{map}(f,
l')$. Since $x \le y$ and $f$ is monotonic, we have $f(x) \le
f(y)$. We also find that $f(y)::\texttt{map}(f, l') =
\texttt{map}(f, y::l')$ is sorted by the IH. So we are done, by
sorted_cons.
QED
insert_sorted_perm
Theorem: $x::l$ is a permutation of $\texttt{insert_sorted}(x,l)$.
Proof: By induction on $l$.
($l = \texttt{[]}$) We have $\texttt{insert_sorted}(x,\texttt{[]})
= \texttt{[$x$]}$; we must show it is a permutation of itself,
which we do by Permutation_refl.
($l = y::l'$) As our IH, we know that $\texttt{insert_sorted}(x, l')$ is a permutation of $x::l'$; we must show that $x::y::l'$ is a permutation of $\texttt{insert_sorted}(x,y::l')$.
If $x \le y$, then $\texttt{insert_sorted}(x, y::l') = x::y::l'$... which is a permutation of $x::l$ because of \texttt{Permutation_refl}.
If, on the other hand, $y < x$, then $\texttt{insert_sorted}(x, y::l') = y::\texttt{insert_sorted}(x, l')$. We need to show that $x::y::l'$ is a permutation of $y::\texttt{insert_sorted}(x, l')$. We do so by transitivity (\texttt{perm_trans}), showing that $x::y::l'$ is a permutation of $y::x::l'$ by \texttt{perm_swap} and that $y::x::l'$ is a permutation of $y::\texttt{insert_sorted}(x, l')$ by \texttt{perm_skip} and the IH.
QED
sort_perm
Theorem: $l$ is a permutation of $\texttt{sort}(l)$.
Proof: By induction on $l$.
($l = \texttt{[]}$) Since $\texttt{sort}(\texttt{[]}) = \texttt{[]}$, we need merely show that the empty list is a permutation of itself. By \texttt{perm_nil}.
($l = x::l'$) Our IH gives us that $l'$ is a permutation of $\texttt{sort}(l')$; we must show that $x::l'$ is a permutation of $\texttt{sort}(x::l')$.
We use \texttt{perm_trans} to show that $x::l'$ is a permutation of $x::\texttt{sort}(l')$ (by \texttt{perm_skip}), which is a permutation of $\texttt{insert_sorted}(x, \texttt{sort}(l'))$ (by the IH and the previous theorem).
QED
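The two proofs above can be read as programs that build a Permutation derivation. The following is an added example, not code from the course: it encodes derivations as tuples (an assumption of this example), expands Permutation_refl into perm_nil and perm_skip steps, and checks each derivation rule by rule over constructed input lists.

```python
from itertools import product

def insert_sorted(x, l):
    if not l or x <= l[0]:
        return [x] + l
    return [l[0]] + insert_sorted(x, l[1:])

def sort(l):
    return insert_sorted(l[0], sort(l[1:])) if l else []

def refl(l):
    d = ("nil",)
    for x in reversed(l):
        d = ("skip", x, d)
    return d

def conclude(d):
    """Check a derivation (tuple encoding is this example's assumption); return the (l1, l2) it proves."""
    if d[0] == "nil":
        return [], []
    if d[0] == "skip":
        a, b = conclude(d[2])
        return [d[1]] + a, [d[1]] + b
    if d[0] == "swap":
        return [d[1], d[2]] + d[3], [d[2], d[1]] + d[3]
    if d[0] == "trans":
        (a, mid1), (mid2, c) = conclude(d[1]), conclude(d[2])
        if mid1 != mid2:
            raise ValueError("perm_trans: middle lists differ")
        return a, c
    raise ValueError(f"unknown rule {d[0]!r}")

def insert_sorted_perm(x, l):
    # Derivation of Permutation(x::l, insert_sorted(x, l)), case by case as in the proof.
    if not l or x <= l[0]:
        return refl([x] + l)
    y, tail = l[0], l[1:]
    return ("trans", ("swap", x, y, tail), ("skip", y, insert_sorted_perm(x, tail)))

def sort_perm(l):
    if not l:
        return ("nil",)
    x, tail = l[0], l[1:]
    return ("trans", ("skip", x, sort_perm(tail)), insert_sorted_perm(x, sort(tail)))

def check_all(max_len=4, values=range(3)):
    # Constructed inputs: every list over `values` with at most max_len elements.
    lists = [list(t) for n in range(max_len + 1) for t in product(values, repeat=n)]
    return sum(conclude(sort_perm(l)) == (l, sorted(l)) for l in lists), len(lists)
```

`check_all()` returns the number of lists whose derivation concludes exactly `(l, sort(l))` alongside the number of lists tried; a derivation whose perm_trans steps do not share a middle list is rejected by `conclude`.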
leb vs $\le$
The leb_complete and leb_correct lemmas reflect leb into $\le$:
leb n m = true iff $n \le m$. Our formal Coq proofs invoke these
lemmas to move from the computational world of leb to the
propositional world of $\le$.
Informal proofs treat reflection more informally. Once we've
established an if-and-only-if relationship like reflection, we'll
freely move between the two worlds without invoking leb_iff or any
such lemma.
If you're unsure whether or not to invoke a lemma, please just ask!
bad_function_breaks_sortedness
Definition: let our "bad function" $f : \mathbb{N} \rightarrow \mathbb{N}$ be defined as:
\[ f(n) = \begin{cases} 1 & n \text{ is even} \\ 0 & \text{otherwise} \\ \end{cases} \]
Theorem: $f$ does not preserve sortedness.
Pedantic proof: Suppose for a contradiction that $f$ preserved sortedness, i.e., if $l$ is sorted then $\texttt{map}(f, l)$ is sorted. Fix $l = \texttt{[$2$; $3$]}$, and observe that $l$ is sorted. We find $\texttt{map}(f, l) = \texttt{[$f(2)$; $f(3)$]} = \texttt{[$1$; $0$]}$... which is not sorted. $\unicode{x21af}$
More casual but totally acceptable proof: To see that $f$ doesn't preserve sortedness, we offer a counterexample: $l = \texttt{[$2$; $3$]}$ is sorted, but $\texttt{map}(f, l) = \texttt{[$f(2)$; $f(3)$]} = \texttt{[$1$; $0$]}$ isn't. $\unicode{x21af}$
It's common to end such proofs by contradiction by ↯. A variety of $\LaTeX$ packages support it, but not MathJax (the JavaScript library that renders this textbook). I've just used a Unicode character, which you can write $\unicode{x21af}$. You can also just write QED.