Example DTF Problem

The following example formalizes the base case of the inductive proof that append on fixed-length lists is associative. 

%------------------------------------------------------------------------------
%----The theory of natural numbers. Well-established and simply typed.
thf(nat_type,type,
    nat: $tType ).

thf(zero_type,type,
    zero: nat ).

thf(suc_type,type,
    suc: nat > nat ).

thf(plus_type,type,
    plus: nat > nat > nat ).

thf(ax1,axiom,
    ! [N: nat] :
      ( ( plus @ zero @ N ) = N ) ).

%----The second defining equation for 'plus' is not necessary in the base case.
%----The associativity of plus is needed for type checking (and, in fact, only
%----for type checking)
thf(plus_assoc,axiom,
    ! [M1: nat,M2: nat,M3: nat] :
      ( ( plus @ M1 @ ( plus @ M2 @ M3 ) )
      = ( plus @ ( plus @ M1 @ M2 ) @ M3 ) ) ).

%----A type of arbitrary elements for our list.
thf(elem_type,type,
    elem: $tType ).

%----Dependent types: the list type takes a nat typed term and returns a type
thf(list_type,type,
    list: nat > $tType ).

%----'nil', the empty list, is specified to have length 0, encoding properties
%----into types that would otherwise need definitions of a length function,
%----additional axioms, etc.
thf(nil_type,type,
    nil: list @ zero ).

%----The 'cons' operator is dependently typed, taking a nat corresponding to
%----the length of the input vector. Note that this prevents any conjecture
%----from trying to establish nil' as a result of cons, as this wouldn't
%----type-check.
thf(cons_type,type,
    cons:
      !>[N: nat] : ( elem > ( list @ N ) > ( list @ ( suc @ N ) ) ) ).

%----'app' is also dependent, incorporating reasoning about plus into the type
%----checking procedure.
thf(app_type,type,
    app:
      !>[N: nat,M: nat] : 
        ( ( list @ N ) > ( list @ M ) > ( list @ ( plus @ N @ M ) ) ) ).

%----First (and for this conjecture, the only) defining equation of 'app'
thf(ax3,axiom,
    ! [N: nat,X: list @ N] :
      ( ( app @ zero @ N @ nil @ X ) = X ) ).

%----The conjecture: The base case of the induction proof. Note that this is
%----part of a larger problem, broken up to make it easier.
thf(list_app_assoc_base,conjecture,
    ! [M2: nat,L2: list @ M2,M3: nat,L3: list @ M3] :
      ( ( app @ zero @ ( plus @ M2 @ M3 ) @ nil @ ( app @ M2 @ M3 @ L2 @ L3 ) )
      = ( app @ ( plus @ zero @ M2 ) @ M3 @ ( app @ zero @ M2 @ nil @ L2 ) @ L3 ) ) ).
%------------------------------------------------------------------------------