(* Please work in this one *)

(* The next command makes Coq guess 
   which arguments can be considered as implicit *)
Set Implicit Arguments.

Inductive list (X:Type) : Type :=
  | nil : list X
  | cons :  X -> list X -> list X.
Arguments nil [X].

Fixpoint app (X: Type) (u v: list X) : list X :=
  match u with
  | nil => v
  | cons x u' => cons x (app u' v)
  end.

Fixpoint length (X: Type) (u: list X) : nat :=
  match u with
  | nil => O
  | cons x u' => S (length u')
  end.

Theorem length_morphism (X: Type) :
   forall u v: list X, 
   length (app u v) = length u + length v.
Proof.
intros u v. 
(* induction u as [ | x u' IHu']. *)
(* the same with more basic mechanisms *)
pattern u.  (* simpl. *) 
apply list_ind.
- reflexivity.
- clear u. intros x u' IHu'.
Admitted.

Theorem nil_right_neutral (X: Type) :  
  forall l: list X, app l nil = l.
Proof.
Admitted.

Theorem app_assoc (X: Type) :  
  forall (u v w: list X), (app (app u v) w)  = app u (app v w).
Proof.
(* only 1 induction on [u] is enough *)
Admitted.

(* naive reverse *)

Fixpoint rev (X: Type) (l: list X) : list X :=
  match l with
  | nil => nil
  | cons x l' => app (rev l') (cons x nil)
  end.
  
(* A linear version *)
(*
Fixpoint lrev_aux ...

Definition lrev := ... lrev_aux ...

Theorem lrev_correct :
  forall l, lrev l = rev l.
*)

(* Testing for equality in nat *)
Fixpoint eqbnat (n m: nat) {struct n} := 
   match n,m with
   | O,O => true
   | O, S m' => false
   | S n', O => false
   | S n', S m' => eqbnat n' m'
   end.

Theorem eqbnat_correct :
  forall n m, eqbnat n m = true -> n = m.
Proof.
intros n m. induction n as [| n' IHn'].
- simpl.  destruct m as [| m'].
Admitted.


Fixpoint eqnat (n m: nat) {struct n} : 
   {n=m}+{~n=m}.
Proof.
refine
   match n,m with
   | O,O => _
   | O, S m' => _
   | S n', O => _
   | S n', S m' => _
   end.
- left. reflexivity.
- right. discriminate.
- right; discriminate.
- destruct (eqnat n' m') as [e | d].
  + left. rewrite e; reflexivity.
  + right. intro e. injection e. exact d.
Defined.

Fixpoint memb (x: nat) (l: list nat): bool := 
  match l with
  | nil => false
  | cons y u' => orb (eqbnat x  y) (memb x u')
  end.

Inductive member (X: Type) (x:X) : list X -> Prop :=
  | mbeg : forall l, member x (cons x l)
  | mseq : forall y l, 
    member x l -> member x (cons y l).

Fixpoint mem (x: nat) (l: list nat): 
  {member x l}+{~member x l}.
Proof.
refine
  match l with
  | nil => _
  | cons y u' =>
      match  eqnat x y with
      | left exy => _
      | right dxy => 
        match mem x u' with 
          | left yes => _
          | right no => _
        end
      end
  end.
- right. intro mx. inversion mx.
- left. rewrite exy. apply mbeg. 
- left. apply mseq. exact yes.
- right. intro mx. inversion mx. 
        apply dxy. assumption. 
        apply no. assumption.
Defined.

Extraction mem.

Theorem memb_correct : 
   forall x l,
   memb x l =true -> member x l.
Proof.
  intros x l.  induction l as [ | y l' IHl'].
  - simpl. discriminate. 
  - simpl. 
Admitted.