How can I find out if a specification is precise enough?

kindaro · February 14, 2020, 1:56pm

I am reading Software Foundations, chapter Logic. See here. There is an informal exercise that asks:

Are there any important properties of the function forallb which are not captured by this specification?

Here are the relevant types:

forallb: (?X -> bool) -> list ?X -> bool

All:     (?T -> Prop) -> list ?T -> Prop

forallb_true_iff: forall (X : Type) (test : X -> bool) (l : list X),
       forallb' test l = true <-> All (fun x : X => test x = true) l

I have proven this theorem with two variants of forallb that process the list in either usual or reverse order. So, the order of evaluation is not captured.

Is this the «important property» the book hints at?
How hard would it be to formally prove that forallb_true_iff nails forallb exactly up to the order of evaluation?

Lyxia · February 18, 2020, 3:33pm

You can prove that any two functions satisfying that specification always produce the same result, so the only remaining differences would only concern implementation details, such as evaluation order or running time. It would be an exercise well adapted to the level of Software Foundations.

Topic		Replies	Views
Prove forall f (b: bool), f (f b) <> f b -> f (f (f b)) = f b? Using Coq	3	918	February 11, 2020
Proof request: use of Forall to enumerate and uniformly prove test cases correct Using Coq	1	421	February 13, 2020
Another Proof From Logical Foundations Exercises Using Coq software-foundations	7	1566	October 1, 2020
Simplify proofs with neested pattern matching Using Coq ltac2	1	654	June 30, 2020
Bug in universe inference? Using Coq	3	688	October 27, 2020

How can I find out if a specification is precise enough?

Related Topics