To play this document inside your browser use ALT-N and ALT-P. You can save your edits inside your browser and load them back (edits are also saved when you close the window). Finally you can download the file for offline editing.

From elpi Require Import elpi.
From HB Require Import structures.
From mathcomp Require Import all_ssreflect.
From mathcomp Require ssralg ssrnum zmodp. (* all_algebra *)

Set Implicit Arguments.
Unset Strict Implicit.
Unset Printing Implicit Defensive.

The algebra library

This is a central part of the mathematical components library.
This library register a various range of (mathematical) structures.
- types with decidable equality: eqType
- types with a finite number of elements: finType
- finite groups: finGroupType
- abelian (not possibly finite) groups: zmodType
- rings: ringType
- rings with invertible elements: unitRingType
- commutative rings: comRingType
- integral domains: idomainType
- fields: fieldType
- left modules: lmodType
- left algebra: lalgType
- algebra: algType
- finite dimensional vector spaces: vectType
- ...
These structures share operators: e.g. the operator (_ + _), introduced for abelian groups (zmodType), is also available for all the structures that inherit it (rings, domains, fields, etc...)
All of these structures are discrete: they all have decidable equality: the operator (_ == _) is available on all of them.
Here is a picture of the begining of the hierarchy
Extensive documentation in the header of:
- ssralg
- ssrnum
In addition there are structures for maps (additive morphisms, ring morphisms, etc...), and substructures (subgroup, subsemiring, subring, subfield, etc...)
From math-comp 2.0 alpha, structures are generated by the external tool Hierarchy Builder

Roadmap for the lesson:

introduction of the general definition pattern for algebraic structures
instantiation of a structure in the library
exploration of the theory provided by this structure and naming conventions
creation of a algebraic substructure and predicate and their use

Defining a mathematical structure in Coq.

This is how mathematical structures are defined in the library. We define structures as sets of mixins (they look more like traits in object oriented slang)

Module AlgebraicStructuresDemo.

HB.mixin Record hasAbsorbingOp T := {
(* symbols: constants and operators *)
  c    : T;
  op   : T -> T -> T;

(* axioms: properties on the symbols *)
  opxc : forall x, op x c = c;
  opC : forall x y, op x y = op y x
}.
(* Absorbing operator structure *)
HB.structure Definition AbsorbingOp := {T of hasAbsorbingOp T}.

HB.about AbsorbingOp.
(*
HB: AbsorbingOp.type is a structure (from "(stdin)", line 16)
HB: AbsorbingOp.type characterizing operations and axioms are:
    - opC
    - opxc
    - op
    - c
HB: AbsorbingOp is a factory for the following mixins:
    - hasAbsorbingOp (* new, not from inheritance *)
*)

(* Notations for the symbols which are immediately available after the definition of the structure*)
Notation "x * y" := (op x y).
Notation "0" := c.

(* Once this is done, we can write the theory associated to this structure *)
Section my_struct_theory.

Variable s : AbsorbingOp.type.

(* Theory of the structure *)
Lemma opcx (x : s) : c * x = c.
Proof. by rewrite opC opxc. Qed.

End my_struct_theory.

Defining a mathematical hierarchy in Coq.

Adding a structure is adding more mixins and packaging them into structures.

HB.mixin Record hasFunnyPred T of hasAbsorbingOp T := {
(* symbols: constants and operators *)
  pr   : pred T;
(* axioms: properties on the symbols *)
  pr_xc : forall x, pr (x * c)
}.
HB.structure Definition Funny :=
  {T of AbsorbingOp T & hasFunnyPred T}.

HB.about Funny.
(*
HB: Funny.type is a structure (from "(stdin)", line 52)
HB: Funny.type characterizing operations and axioms are:
    - pr_xc
    - pr
HB: Funny is a factory for the following mixins:
    - hasAbsorbingOp
    - hasFunnyPred (* new, not from inheritance *)
HB: Funny inherits from:
    - AbsorbingOp
#*)

Section my_struct2_theory.

Variable s : Funny.type.

(* <tt>pr</tt> becomes immediately available *)
Lemma pr_c : pr (c : s).
Proof. by rewrite -(opcx c) pr_xc. Qed.

Lemma pr_cx (x : s) : pr (c * x).
Proof. by rewrite opC pr_xc. Qed.

End my_struct2_theory.

Adding alternative definitions of structures to the hierarchy.

We need a factory and builders

HB.factory Record hasPredOnC T of hasAbsorbingOp T := {
(* symbols: constants and operators *)
  pr   : pred T;
(* axioms: properties on the symbols *)
  pr_c : pr c
}.
HB.builders Context T of hasPredOnC T.
Lemma pr_xc x : pr (x * c). Proof. by rewrite opxc pr_c. Qed.
(* this is a particular case of instanciation, see next section *)
HB.instance Definition _ := hasFunnyPred.Build T pr_xc.
HB.end.

Fail HB.structure Definition already_defined :=
  {T of hasAbsorbingOp T & hasPredOnC T}.

End AlgebraicStructuresDemo.

Hierarchy Builder (HB) now automatically recognizes that hasPredOnC can define a Funny.type and only that, hence the failing structure definition. Now, one can use the factory hasPredOnC instead of hasFunnyPred to define a Funny.type.

Inhabiting the mathematical structures hierarchy.

We now show on the example of integers how to instantiate the mathematical structures that integers satisfy.
In order to minimize the work of the user, the library lets you inhabit structures by instanciating mixins and factory, one at a time. Each time we want to build structures, we only declare the mixin/factory as an HB.instance. One or several structures will be automatically instantiated.
We catagorize five different ways to build structures. Th three first will be shown here. The fourth will be shown in the exercices, and the fifth one won't be shown.
- using a partially isomorphic structure (and providing the witness).
- by instanciating just the required mixin from scratch,
- by instanciating a factory to create one or several structures,
- by subtyping (in the exercise session),
- by quotienting (out of scope of the school).

Module InstantiationInteger.

Import ssralg GRing.Theory.
Local Open Scope ring_scope.

(* one can show the currently loaded hierarchy as follows: *)
HB.graph "hierarchy.dot". (* use e.g. tred hierarchy.dot | xdot - *)

First we define `int`

Variant int : Set := Posz of nat | Negz of nat.
Local Coercion Posz : nat >-> int.

Notation "n %:Z" := (Posz n)
  (at level 2, left associativity, format "n %:Z", only parsing).

Equality, countable and choice types, by injection

We provide an injection with explicit partial inverse, from int to nat + nat, this will be enough to provide the mixins for equality, countable and choice types.

Definition natsum_of_int (m : int) : nat + nat :=
  match m with Posz p => inl _ p | Negz n => inr _ n end.

Definition int_of_natsum (m : nat + nat) :=
  match m with inl p => Posz p | inr n => Negz n end.

Lemma natsum_of_intK : cancel natsum_of_int int_of_natsum.
Proof. by case. Qed.

We create the mixins for equality, countable and choice types from this injection, and gradually inhabit the hierarchy.

HB.howto Countable.type.
(* HB: solutions (use 'HB.about F.Build' to see the arguments of each factory F):
    - hasDecEq; hasChoice; isCountable *)

HB.instance Definition _ : hasDecEq int := CanEqMixin natsum_of_intK.
HB.instance Definition _ : hasChoice int := CanChoiceMixin natsum_of_intK.
HB.instance Definition _ : isCountable int := CanCountMixin natsum_of_intK.

(* Advanced way of doing it one go: *)
(* HB.instance Definition _ := Countable.copy int (can_type natsum_of_intK). *)

Abelian group structure, from scratch

We now create the abelian group structure of integers (here called Z-module), from scratch, introducing the operators and proving exactly the required properties.

Module intZmod.
Section intZmod.
HB.about GRing.isZmodule.Build.
(* HB: arguments: GRing.isZmodule.Build V [zero] [opp] [add] addrA addrC add0r addNr
    - V : Type
    - zero : GRing.Zmodule.sort V
    - opp : V -> V
    - add : V -> V -> V
    - addrA : associative +%R
    - addrC : commutative +%R
    - add0r : left_id 0 +%R
    - addNr : left_inverse 0 -%R +%R *)

Definition addz (m n : int) := match m, n with
  | Posz m', Posz n' => Posz (m' + n')
  | Negz m', Negz n' => Negz (m' + n').+1
  | Posz m', Negz n' => if n' < m' then Posz (m' - n'.+1)
                        else Negz (n' - m')
  | Negz n', Posz m' => if n' < m' then Posz (m' - n'.+1)
                          else Negz (n' - m') end.
Definition oppz m := match m with
    | Posz n => if n is (n'.+1)%N then Negz n' else Posz 0
    | Negz n => Posz (n.+1)%N end.
Lemma addzC : commutative addz. Admitted.
Lemma add0z : left_id (Posz 0) addz. Admitted.
Lemma oppzK : involutive oppz. Admitted.
Lemma addzA : associative addz. Admitted.
Lemma addNz : left_inverse (Posz 0) oppz addz. Admitted.

Definition Mixin := GRing.isZmodule.Build int addzA addzC add0z addNz.
End intZmod.
End intZmod.
(* We declare the instance *)
HB.instance Definition _ := intZmod.Mixin.
(* We can check that int can be converted to a [zmodType] *)
Check (int : zmodType).

Remark: we may develop here a piece of abelian group theory which is specific to the theory of integers. E.g.

Lemma PoszD : {morph Posz : n m / (n + m)%N >-> n + m}.
Proof. by []. Qed.

Ring and Commutative ring structure, the stronger the better

This time, we will build directly a rich commutative ring factory first and use it to instanciate both the ring structure and the commutative ring struture at the same time. This is not only an economy of space, but an economy of proofs, since the commutativity property reduces the number of ring axioms to prove.

Module intRing.
Section intRing.

HB.howto comRingType.
(* HB: no solution found at depth 3 looking at depth 4
HB: solutions (use 'HB.about F.Build' to see the arguments of each factory F):
    - hasDecEq; hasChoice; GRing.isRing; GRing.Ring_hasCommutativeMul
    - hasDecEq; hasChoice; GRing.isZmodule; GRing.Zmodule_isComRing *)

HB.about GRing.Zmodule_isComRing.Build.
(* HB: arguments: GRing.Zmodule_isComRing.Build R [one] [mul] mulrA mulrC mul1r mulrDl oner_neq0
    - R : Type
    - one : R
    - mul : R -> R -> R
    - mulrA : associative mul
    - mulrC : commutative mul
    - mul1r : left_id one mul
    - mulrDl : left_distributive mul +%R
    - oner_neq0 : is_true (one != 0) *)

Definition mulz (m n : int) := match m, n with
    | Posz m', Posz n' => (m' * n')%N%:Z
    | Negz m', Negz n' => (m'.+1%N * n'.+1%N)%N%:Z
    | Posz m', Negz n' => - (m' * (n'.+1%N))%N%:Z
    | Negz n', Posz m' => - (m' * (n'.+1%N))%N%:Z end.
Lemma mulzA : associative mulz. Admitted.
Lemma mulzC : commutative mulz. Admitted.
Lemma mul1z : left_id (Posz 1) mulz. Admitted.
Lemma mulz_addl : left_distributive mulz (+%R). Admitted.
Lemma onez_neq0 : (Posz 1) != 0. Proof. by []. Qed.

Definition comMixin := GRing.Zmodule_isComRing.Build int mulzA mulzC mul1z mulz_addl onez_neq0.
End intRing.
End intRing.
(* We declare the instance *)
HB.instance Definition _ := intRing.comMixin.
(* We can check that [int] can be converted to a [ringType] and a [comRingType] *)
Check (int : ringType).
Check (int : comRingType).

End InstantiationInteger.

Other structures and instances

Module OtherStructures.
Import ssralg GRing.Theory.
Local Open Scope ring_scope.

About other algebraic structures:

read the documentation of ssralg and ssrnum (algebraic structures with order and absolute value)
Canonical instances in the library are:
- integers (int) (forms an integral domain)
- rationals (rat) (forms an archimedian field)
- algebraic numbers (algC) (forms an algebraically closed field)
- polynomials {poly R} (forms an integral domain under sufficient hypothesis on the base ring)
- matrices 'M[R]_(m, n) (forms a module / a finite dimension vector space)
- square matrices 'M[R]_n (forms an algebra, if n := m.+1)

Group theory (not in this course):

see fingroup, perm, action, ...

Structures for morphisms:

Search "linear" in ssralg.

Search "raddf" in ssralg.

Search "rmorph" in ssralg.

HB.about GRing.RMorphism.

** Structure preserving predicates:

Print GRing.subring_closed.
Print GRing.subr_2closed.
Print GRing.mulr_2closed.

Search "rpred" in ssralg.

End OtherStructures.

Naming conventions.

The two most important things to get your way out of a situation:

Knowing your math
Searching the library for what you think you know

For that you have the ssreflect Search command. To use its full power, one should combine seach by identifier (Coq definition), pattern (partial terms) and name (a string contained in the name of the theorem).

The two first methods are straightforward to use (except if you instanciate your patterns more than necessary), but searching by name requires to be aware of naming conventions.

Names in the library are usually obeying one of following the convention

```
(condition_)?mainSymbol_suffixes
```
```
mainSymbol_suffixes(_condition)?
```

Or in the presence of a property denoted by a nary or unary predicate:

```
naryPredicate_mainSymbol+
```
```
mainSymbol_unaryPredicate
```

Where :

mainSymbol is the most meaningful part of the lemma. It generally is the head symbol of the right-hand side of an equation or the head symbol of a theorem. It can also simply be the main object of study, head symbol or not. It is usually either
- one of the main symbols of the theory at hand. For example, it will be opp, add, mul, etc...
- or a special canonical operation, such as a ring morphism or a subtype predicate. e.g. linear, raddf, rmorph, rpred, etc ...
condition is used when the lemma applies under some hypothesis.
suffixes are there to refine what shape and/or what other symbols the lemma has. It can either be the name of a symbol (add, mul, etc...), or the (short) name of a predicate (inj for injectivity, id for identity, ...) or an abbreviation.

Abbreviations are in the header of the file which introduce them. We list here the main abbreviations.

A -- associativity, as in andbA : associative andb.
AC -- right commutativity.
ACA -- self-interchange (inner commutativity), e.g., orbACA : (a || b) || (c || d) = (a || c) || (b || d).
b -- a boolean argument, as in andbb : idempotent andb.
C -- commutativity, as in andbC : commutative andb, or predicate complement, as in predC.
CA -- left commutativity.
D -- predicate difference, as in predD.
E -- elimination, as in negbFE : ~~ b = false -> b.
F or f -- boolean false, as in andbF : b && false = false.
I -- left/right injectivity, as in addbI : right_injective addb or predicate intersection, as in predI.
l -- a left-hand operation, as andb_orl : left_distributive andb orb.
N or n -- boolean negation, as in andbN : a && (~~ a) = false.
n -- alternatively, it is a natural number argument
P -- a characteristic property, often a reflection lemma, as in andP : reflect (a /\ b) (a && b).
r -- a right-hand operation, as orb_andr : right_distributive orb andb.
- - alternatively, it is a ring argument
T or t -- boolean truth, as in andbT: right_id true andb.
U -- predicate union, as in predU.
W -- weakening, as in in1W : {in D, forall x, P} -> forall x, P.
0 -- ring 0, as in addr0 : x + 0 = x.
1 -- ring 1, as in mulr1 : x * 1 = x.
D -- ring addition, as in linearD : f (u + v) = f u + f v.
B -- ring subtraction, as in opprB : - (x - y) = y - x.
M -- ring multiplication, as in invfM : (x * y)^-1 = x^-1 * y^-1.
Mn -- ring by nat multiplication, as in raddfMn : f (x *+ n) = f x *+ n.
mx -- a matrix argument
N -- ring opposite, as in mulNr : (- x) * y = - (x * y).
V -- ring inverse, as in mulVr : x^-1 * x = 1.
X -- ring exponentiation, as in rmorphX : f (x ^+ n) = f x ^+ n.
Z -- (left) module scaling, as in linearZ : f (a *: v) = s *: f v.
z -- a int operation

My most used search pattern

Search "prefix" "suffix"* (symbol|pattern)* in library.

Examples

Module Conventions.
Import ssralg ssrnum GRing.Theory.
Local Open Scope ring_scope.

Search *%R "A" in GRing.Theory.

Search "unit" in ssralg.

Search "inj" in ssralg.

Search "rmorph" "M" in ssralg.

Search "rpred" "D" in ssralg.

End Conventions.

Revisiting an exercise from session 2

Instead of reasonning using (_ %| _) and (_ %% _), we switch to 'Z_p

Section ReasoningModuloInZp.
Import ssralg zmodp GRing.Theory.
Local Open Scope ring_scope.

Lemma pred_Zp k : 1 < k -> k.-1%:R = - 1 :> 'Z_k.
Proof. by case: k => // k k_gt0; rewrite -subn1 natrB ?char_Zp ?sub0r. Qed.

Lemma dvd_exp_odd a k : 0 < a -> odd k -> (a.+1 %| (a ^ k).+1).
Proof.
move=> aP kO; apply/eqP; rewrite -val_Zp_nat//.
by rewrite -natr1 natrX pred_Zp// -signr_odd kO addNr.
Qed.

End ReasoningModuloInZp.

More about structure preserving predicates.

There is a notion of subobject for a few algebraic concepts.

Import ssralg GRing.Theory.
Fail HB.howto GRing.SubringClosed.type. (* alpha release sorry *)
HB.howto GRing.SubringClosed.type_.
(* HB: solutions (use 'HB.about F.Build' to see the arguments of each factory F):
    - GRing.isSubringClosed *)
HB.about GRing.isSubringClosed.Build.
(* HB: arguments: GRing.isSubringClosed.Build R S subring_closed_subproof
    - R : ringType
    - S : R -> bool
    - subring_closed_subproof : subring_closed S *)
Print subring_closed.
(* Notation subring_closed := GRing.subring_closed *)
Print GRing.subring_closed.
(* GRing.subring_closed =
fun (R : ringType) (S : {pred R}) => <tt>/\ 1%R \in S, GRing.subr_2closed S & GRing.mulr_2closed S</tt>
     : forall R : ringType, {pred R} -> Prop *)

See the [hierarchy.dot], use [HB.about], [HB.howto] or read documentation headers to discover other substructure preserving predicates.

A reminder on subtyping.

In Coq, sT := {x : T | P x} is a way to form a sigma-type. We say it is a subtype if there is only one element it sT for each element in T. This happens when P is a boolean predicate. Another way to form a subtype is to create a record : Record sT := ST {x : T; px : P x}.
In mathcomp, to deal with subtypes independently from how they are formed, we have a structure.

HB.about Sub.
HB.about isSub.

(* In essence *)
Module SubType.
Section SubType.
Variables (T : Type) (P : pred T).
Structure subType : Type := SubType {
  sub_sort :> Type;
  val : sub_sort -> T;
  Sub : forall x, P x -> sub_sort;
  (* elimination rule for sub_sort *)
  _ : forall K (_ : forall x Px, K (@Sub x Px)) u, K u;
  _ : forall x Px, val (@Sub x Px) = x
}.
End SubType.
End SubType.

The most important operators to know on subtypes are val : sT -> T, insub : T -> option sT and insubd : sT -> T -> sT.
And the most important theorems to know are val_inj, val_eqE, val_insubd, insubdK and insub

About val_inj.
About val_eqE.
About insubK.
About val_insubd.
About insubdK.

Substructures

Substructures are subtypes that happen to have the same structure as their base type.

There are special factories to instantiate them easily.

Import ssralg GRing.Theory.
HB.howto GRing.SubRing.type.
(*
HB: no solution found at depth 3 looking at depth 4
HB: solutions (use 'HB.about F.Build' to see the arguments of each factory F):
    - hasDecEq; isSub; hasChoice; GRing.SubChoice_isSubRing
*)

HB.about GRing.SubChoice_isSubRing.
(*
HB: GRing.SubChoice_isSubRing is a factory (from "./ssralg.v", line 5073)
HB: GRing.SubChoice_isSubRing operations and axioms are:
    - subring_closed_subproof
HB: GRing.SubChoice_isSubRing requires the following mixins:
    - hasChoice
    - hasDecEq
    - isSub
HB: GRing.SubChoice_isSubRing provides the following mixins:
    - GRing.Zmodule_isRing
    - GRing.isSubRing
    - GRing.isZmodule
    - GRing.isSubZmodule
*)
HB.about GRing.SubChoice_isSubRing.Build.
(*
HB: arguments: GRing.SubChoice_isSubRing.Build R S U subring_closed_subproof
    - R : ringType
    - S : pred R
    - U : Type
    - subring_closed_subproof : subring_closed S
*)

Moreover, when a predicate is declared as a structure preserving predicate, we can use it to declare a substructure automatically (see exercise session).