Home
Schedule
Software
Mailing List

Due: Thursday, March 6, 00:00AM

Group Theory

In this assignment, you will prove several simple theorems of Group Theory, which you might have studied in an undergraduate abstract algebra course. If you didn’t take abstract algebra, you missed out on some wonderful mathematics, but this is your chance to learn some of the basics. You could look up group theory on Wikipedia or look it up in a book. I enjoyed Contemporary Abstract Algebra by Joseph Gallian, which is available at the UMass library.

Requirements

For the purposes of this assignment, a group is a set G, an associative binary operator f over G, an identity element e of G, and a unary inverse function i for G. The following types, which you must use, define a group and its basic axioms in Coq:

(* The set of the group. *)
Parameter G : Set.

(* The binary operator. *)
Parameter f : G -> G -> G.

(* The group identity. *)
Parameter e : G.

(* The inverse operator. *)
Parameter i : G -> G.

(* For readability, we use infix <+> to stand for the binary operator. *)
Infix "<+>" := f (at level 50, left associativity).

(* The operator [f] is associative. *)
Axiom assoc : forall a b c, a <+> b <+> c = a <+> (b <+> c).

(* [e] is the right-identity for all elements [a] *)
Axiom id_r : forall a, a <+> e = a.

(* [i a] is the right-inverse of [a]. *)
Axiom inv_r : forall a, a <+> i a = e.

Your task is to use the definitions above to prove all the theorems below:

(* The identity [e] is unique. *)
Axiom unique_id : forall a, a <+> a = a -> a = e.

(* [i a] is the left-inverse of [a]. *)
Axiom inv_l : forall a, i a <+> a = e.
  
(* [e] is the left-identity. *)
Axiom id_l : forall a, e <+> a = a.

(* [x] can be cancelled on the right. *)
Axiom cancel_r : forall a b x, a <+> x = b <+> x -> a = b.

(* [x] can be cancelled on the left. *)
Axiom cancel_l: forall a b x, x <+> a = x <+> b -> a = b.

(* The left identity is unique. *)
Axiom e_uniq_l : forall a p, p <+> a = a -> p = e.

(* The left inverse is unique. *)
Axiom inv_uniq_l : forall a b, a <+> b = e -> a = i b.

(* The left identity is unique. *)
Axiom e_uniq_r : forall a p, a <+> p = a -> p = e.

(* The right inverse is unique. *)
Axiom inv_uniq_r : forall a b, a <+> b = e -> b = i a.

(* The inverse operator distributes over the group operator. *)
Axiom inv_distr : forall a b, i (a <+> b) = i b <+> i a.

(* The inverse of an inverse produces the original element. *)
Axiom double_inv : forall a, i (i a) = a.

(* The identity is its own inverse. *)
Axiom id_inv : i e = e.

There is a wrinkle: every theorem or lemma must be proved by either a single call to crush or a single call to eauto! You may pass a numeric argument to eauto to control the search depth. Some theorems and lemmas may be necessary to prove subsequent theorems. You can add these as hints using Hint Resolve.

One more use of tactics is allowed in this problem. The following lemma captures a common pattern of reasoning in algebra proofs:

Lemma mult_both : 
  forall a b c d1 d2, 
    a <+> c = d1
    -> b <+> c = d2
    -> a = b
    -> d1 = d2.
  crush.
Qed.

That is, we know some equality a = b, which is the third hypothesis above. We derive a further equality by multiplying both sides by c, to yield a <+> c = b <+> c. Next, we do algebraic simplification on both sides of this new equality, represented by the first two hypotheses above. The final result is a new theorem of algebra.

Chapter 14 of CPDT introduces more details of programming in Ltac, but here is a quick teaser that will be useful in this problem. Include the following hint command before you start proving the main theorems of this exercise:

Hint Extern 100 (_ = _) =>
match goal with
  | [ _ : True |- _ ] => fail 1
  | _ => assert True by constructor; eapply mult_both 
end.

This hint has the effect of applying mult_both at most once during a proof. After reading Chapter 14, it should be clear why the hint has that effect, but for now treat it as a useful black box. Simply using Hint Resolve mult_both would increase proof search time unacceptably, because there are just too many ways to use mult_both repeatedly within a proof.

Hints

  1. I recommend proving the theorems in roughly the order written above. There are some dependencies between the theorems too. For example, it is helpful to have Hint Resolve unique_id before trying to prove inv_l. You only need to use Hint Resolve. There is no need for Hint Rewrite, Hint Immediate, etc.

  2. The following web page has informal proofs of some of the first theorems you need to prove:

    http://dogschool.tripod.com/housekeeping.html

    You should start by formalizing them.

  3. You can write eauto N, where N sets the depth of proof search. The default is eauto 5, which can be quite slow. Lower values will make proof search go faster when a proof exists within the bound. Higher values are necessary to find more involved proofs. Most proofs should be found with eauto 3 or eauto 4.

  4. The key to this problem is coming up with further lemmas like mult_both that formalize common patterns of reasoning in algebraic proofs. These lemmas need to be more than sound: they must also fit well with the way that eauto does proof search. For instance, if we had given mult both a traditional statement, we probably would have avoided “pointless” equalities like a = b, which could be avoided simply by replacing all occurrences of b with a. However, the resulting theorem would not work as well with automated proof search! Every additional hint you come up with should be registered with Hint Resolve, so that the lemma statement needs to be in a form that eauto understands natively.

  5. I recommend testing a few simple rules corresponding to common steps in algebraic proofs. You can apply them manually with any tactics you like (e.g., apply or eapply) to figure out what approaches work, and then switch to eauto once you have the full set of hints.

Acknowledgments

This assignment is derived from Exercise 0.8.1 of Adam Chlipala’s online CPDT exercises.