(* A very simple Coq encoding of the "Towers of Hanoi" puzzle game. *)Require

1. (* A very simple Coq encoding of the "Towers of Hanoi" puzzle game. *)
2.  
3. Require Import Coq.Lists.List.
4. Import ListNotations.
5. Require Import Coq.Arith.Compare_dec.
6.  
7.  
8. (* Proof of a sorted list *)
9. Inductive Sorted : list nat -> Prop :=
10. | sorted'nil : Sorted []
11. | sorted'cons'nil x : Sorted [x]
12. | sorted'cons x y xs:
13. Sorted (y::xs)
14. -> x < y
15. -> Sorted (x::y::xs).
16.  
17.  
18. (* We have three towers. Each tower is a sorted list of numbers. *)
19. Inductive Towers : Set :=
20. | towers : list nat -> list nat -> list nat -> Towers.
21.  
22. (* A group of towers is valid if all the lists are sorted. *)
23. Definition Valid (t : Towers) : Prop :=
24. match t with
25. | towers a b c => Sorted a /\ Sorted b /\ Sorted c
26. end.
27.  
28. (* Each tower is given an index from 1 to 3. *)
29. Inductive Ix : Set :=
30. | Ix1
31. | Ix2
32. | Ix3.
33.  
34. (* Pop the top element off a given tower *)
35. Definition unconsT (ix : Ix) (t : Towers) : option (nat * Towers) :=
36. match ix, t with
37. | Ix1, towers (v::vs) b c => Some (v, towers vs b c)
38. | Ix2, towers a (v::vs) c => Some (v, towers a vs c)
39. | Ix3, towers a b (v::vs) => Some (v, towers a b vs)
40. | _, _ => None
41. end.
42.  
43. (* Push a value onto a given tower.
44. This requires the new value to be smaller than the current head of the list.
45. Otherwise it returns 'None'. *)
46. Definition consT (ix : Ix) (v : nat) (t : Towers) : option Towers :=
47. match ix, t with
48. | Ix1, towers [] b c => Some (towers [v] b c)
49. | Ix1, towers (x::vs) b c =>
50. if lt_dec v x
51. then Some (towers (v::x::vs) b c)
52. else None
53.  
54. | Ix2, towers a [] c => Some (towers a [v] c)
55. | Ix2, towers a (x::vs) c =>
56. if lt_dec v x
57. then Some (towers a (v::x::vs) c)
58. else None
59.  
60. | Ix3, towers a b [] => Some (towers a b [v])
61. | Ix3, towers a b (x::vs) =>
62. if lt_dec v x
63. then Some (towers a b (v::x::vs))
64. else None
65. end.
66.  
67. (* Move a value from one tower to another. This can fail if:
68. the 'from' tower is empty; or
69. the 'from' tower's value is larger than the head of the 'to' tower. *)
70. Definition shift (from to : Ix) (t : Towers) : option Towers
71. := match unconsT from t with
72. | None => None
73. | Some (x,t') => consT to x t'
74. end.
75.  
76.  
77. (* If the towers were sorted and we move a value, the result is still sorted.
78. This is rather tedious to prove, and conceptually not very interesting. *)
79. Theorem Valid_shift_Valid t from to t':
80. Valid t
81. -> shift from to t = Some t'
82. -> Valid t'.
83. Proof.
84. Admitted.
85.  
86. (* We play a game by making a list of moves *)
87. Inductive move : Towers -> Towers -> Prop :=
88. | MNil t : move t t
89. | MCons t from to t' t'':
90. shift from to t = Some t'
91. -> move t' t''
92. -> move t t''.
93.  
94.  
95. (* The tactic "MOVE Ix1 Ix3"
96. means "move a value from the top of tower 1 to tower 3" *)
97. Ltac MOVE f t :=
98. eapply MCons with (from := f) (to := t); try reflexivity;
99. try solve [apply MNil; idtac "Well done!"].
100.  
101. (* Play a game! *)
102. Theorem play_3:
103. move
104. (* Initial state *)
105. (towers [1;2;3] [] [])
106. (* Goal state *)
107. (towers [] [] [1;2;3]).
108. Proof.
109. MOVE _ _.
110. Admitted.