# One Last Push

On the eve of the deadline, work continues at a feverish pace…

## Procedural Terrain and L-systems

Work on procedural terrain generation and crystal formations was mostly done for last Friday’s post. A bit of polish work has occurred since then. Most notably, I’ve smoothed out the terrain of the real world moon heightmap data. The result is much more moon-like:

Also, I’ve tweaked the shader for the crystal growths. I’ve used a technique similar to what is done in cel shading to recognize the silhouettes of the growths. At first I was planning on implementing actual cel shading, but it did not look good. However, I discovered that I could favor the external shell portion of the texture in the silhouette area, much like how if you look at a transparent object from an extreme angle, you see more of the surface material. I find the result to be quite satisfying:

… compared to last week:

## Procedural Cities and Buildings

This weekend, Andrew added functionality to render the smaller heightmap for the city on top of the buildable area of the larger heightmap.

The main C++ program invokes a Python script to generate the heightmap and road network, then reads the data into a new LandscapeModel at the appropriate location. The program then renders the road network using a solid color shader for now. By rendering only a portion of the road network at a time, it’s possible to animate the process, showing how the network grows from the population centers and intersects with itself.

The more significant challenge has been extracting buildable areas from the road network. Implementing the road network growth required hacking together a spatially indexed graph database. The generated graphs are subtly broken – some roads cross without an intersection, so the graph is not necessarily planar.

Andrew need to resolve this issue before he can reliably extract cycles, and he needs to extract buildable plots before he can place and generate buildings. He will be working on that tonight.

Where the graph is sensible, he is able to extract a cycle:

But in a case where the edges intersect somewhere besides an intersection point, this fails:

## Plumbing

There is an additional requirement that all procedural elements be able to be regenerated at runtime. I’ve implemented the plumbing to ensure that this happens. At the press of a button, the terrain can be regenerated, the crystals can be regenerated and the real world heightmap data can be toggled on and off. Additionally, when the city generation is complete, the plumbing is in place for that as well.

All this regeneration happens much faster than I’d thought it would, which was nice. There was no need to optimize the regeneration or implement asynchronous regeneration.

# Onwards To The Moon

As the deadline looms, work continues at a feverish pace. Much has happened, and much remains to be done.

## Procedural Terrain Generation

The terrain generation is basically done. We are generating random landscape heightmaps using the Diamond-Square algorithm. After generating the heightmaps, we carve out a flat space for the city, and then place various mineral deposits and crystal growths. After the features are set, we tessellate the landscape.

We are also capable of reading in external heightmap data, and I’ve located a heightmap of the surface of the moon, which we are capable of turning into a 3D surface.

As you can see, the lunar surface is much rougher than one would think.

## Crystalline Structures

New this week are the crystalline structures seen in the screenshots above. These are generated using L-systems, with the following grammar:

```
V = { D(len, topScale, bottomScale, topLen, bottomLen),
C(len, topScale, bottomScale, topLen, bottomLen),
S(scale),
T(minSegs) }
S = { F(theta),
K(theta),
A(r, s) }
ω1 = { A(C(6,1,1,1,1), D(1.0f, 3.0f, 2.5f, 0.5f, 1.0f)) }
ω2 = { A(C(6,1,1,1,1), A(F(1), S(1))) }
ω3 = { A(S(1), A(K(1), T(3)) }
P = { D -> A(D, A((K(1), C(2,1,1,1,1)))),
C -> A(C, A(F(0.75), T(3))),
T : final iteration -> A(T, S(0.5)),
T : otherwise -> A(T, T(1)),
S : -> A(S, D(3,2,1,1,1)) }
```

There is a basic crystal building block, represented by D and C. These are the same shape, but D has 5 branching points, and C has 1 (the center.) To build on a mounting point, one uses the A rule, which states “For all mounting points produced by r, build s on it.”

Rounding out the bunch, are S a “scepter” shaped crystal, F, which fans out in three directions, and K, which forks in two directions. Last but not least is the “angry tentacle” formation T.

Here we see ω1:

… ω2:

…and ω3:

## Procedural City Generation

We’ll be placing a procedurally generated moon base on the flat build site carved out of the terrain. The moon’s surface is very rough, so we can only place the base on the flat area.

However, the area under the city isn’t completely flat; we are using a technique called spectral synthesis to generate a smoother heightmap underneath the city. The edges of this heightmap will coincide smoothly with the surrounding terrain to ensure a natural transition.

After generating the heightmaps, we generate a population density map using a similar procedure, attenuating it where the terrain is steepest (it’s difficult to build on the side of a hill!). Then we sample the density map and place population centers using k-means clustering. Finally, we triangulate the set of population centers to generate a connectivity graph for road generation.

Once we have a connectivity graph, we draw adaptive highways between population centers using the technique described in Citygen: An Interactive System for Procedural City Generation, using a heuristic combining Least Elevation Difference, population density, and the degree to which the road would deviate from its current direction. As these are drawn, we create additional perpendicular roads in areas of high population density. These roads are extended using the same heuristic until they reach a less populated area.

So far, we’ve implemented the above in Python so we can leverage the performant array operations from NumPy and SciPy, in addition to the spatial indexing functionality from Rtree. We’ll need to use the Python C API to call into our Python code and store the resulting road graph in a buffer for rendering.

## The Way Ahead

Much work remains to be done. For terrain and L-systems, there remains polish work. I’ve implemented the required algorithms, and it technically “works.” However, it’s still a bit rough. I hope to refine the shaders of the crystals to make them appear more 3-dimensional. Additionally, I’d like to increase the density of “trees” on the landscape as I think it looks a bit sparse. I hope to have this work wrapped up by tomorrow night.

For city generation, the road graph needs to be converted to buildable cells, and subdivided/populated with buildings. Andrew plans to have this done by tomorrow night. By Sunday, he plans to have the rendering set up for this, with basic buildings. Then by Monday, more elaborate buildings will follow.

Additionally, we need the capability to regenerate the various procedurally generated components at runtime. This is a simple matter of plumbing, and should not be difficult. Time allowing, I’d like to do this asynchronously, so there is no frame hiccup during regeneration. The user will press a button, and a few seconds later, the change will be reflected.

# Pure Functional Memoization

There are many computation problems that resonate through the ages. Important Problems. Problems that merit a capital P.

The Halting Problem…

P versus NP…

The Fibonacci sequence…

The Fibonacci sequence is a super-important computation Problem that has vexed mathematicians for generations. It’s so simple!

```
fibs 0 = 0
fibs 1 = 1
fibs n = (fibs $ n - 1) + (fibs $ n - 2)
```

Done! Right? Let’s fire up ghci and find out.

```
*Fibs> fibs 10
55
```

… looking good…

```
*Fibs> fibs 40
```

… still waiting…

```
102334155
```

… Well that sure took an unfortunate amount of time. Let’s try 1000!

```
*Fibs> fibs 1000
*** Exception: <<You died before this returned>>
```

To this day, science wonders what `fibs(1000)`

is. Well today we solve this!

## Memoization

The traditional way to solve this is to use Memoization. In an imperative language, we’d create an array of size n, and prepopulate `arr[0] = 0`

and `arr[1] = 1`

. Next we’d loop over 2 to n, and for each we’d set `arr[i] = arr[i-1] + arr[i-2]`

.

Unfortunately for us, this is Haskell. What to do… Suppose we had a map of the solutions for 0 to i, we could calculate the solution for i + 1 pretty easily right?

```
fibsImpl _ 0 = 0
fibsImpl _ 1 = 1
fibsImpl m i = (mo + mt)
where
mo = Map.findWithDefault undefined (i - 1) m
mt = Map.findWithDefault undefined (i - 2) m
```

We return 0 and 1 for i = 0 and i = 1 as usual. Next we lookup n – 1 and n – 2 from the map and return their sum. This is all pretty standard. But where does the map come from?

It turns out that this is one of those times that laziness is our friend. Consider this code:

```
fibs' n = let m = fmap (fibsImpl m)
(Map.fromList (zip [0..n]
[0..n])) in
Map.findWithDefault undefined n m
```

When I first saw this pattern (which I call the Wizard Pattern, because it was clearly invented by a wizard), I was completely baffled. We pass the thing we’re creating into the function that’s creating it? Unthinkable!

It turns out that this is just what we need. Because of laziness, the fmap returns immediately, and `m`

points to an unevaluated thunk. So, for i = 0, and i = 1, fibsImpl will return 0 and 1 respectively, and the map will map 0 -> 0 and 1 -> 1. Next for i = 2, Haskell will attempt to lookup from the map. When it does this, it will be forced to evaluate the result of i = 0 and i = 1, and it will add 2 -> 1 to the map. This will continue all the way through i = n. Finally, this function looks up and returns the value of fibs n in linearish time. (As we all know, Map lookup isn’t constant time, but this is a lot better than the exponential time we had before)

So let’s try it out.

```
*Fibs> fibs' 1
1
*Fibs> fibs' 10
55
*Fibs> fibs' 40
102334155
```

… so far so good…

```
*Fibs> fibs' 100
354224848179261915075
*Fibs> fibs' 1000
43466557686937456435688527675040625802564660517371780402481729089536555417949051890403879840079255169295922593080322634775209689623239873322471161642996440906533187938298969649928516003704476137795166849228875
*Fibs> fibs' 10000

*Fibs> fibs' 100000

```

Neat. Even that last one only took a few seconds to return!

# Aeson Revisited

As many of you know, the documentation situation in Haskell leaves something to be desired. Sure, if you are enlightened, and can read the types, you’re supposedly good. Personally, I prefer a little more documentation than “clearly this type is a monoid in the category of endofunctors”, but them’s the breaks.

Long ago, I wrote about some tricks I found out about using Aeson, and I found myself using Aeson again today, and I’d like to revisit one of my suggestions.

## Types With Multiple Constructors

Last time we were here, I wrote about parsing JSON objects into Haskell types with multiple constructors. I proposed a solution that works fine for plain enumerations, but not types with fields.

Today I had parse some JSON into the following type:

```
data Term b a =
App b [Term b a]
| Var VarId
| UVar a
```

I thought “I’ve done something like this before!” and pulled up my notes. They weren’t terribly helpful. So I delved into the haddocs for Aeson, and noticed that Aeson's Result type is an instance of `MonadPlus`

. Could I use `mplus`

to try all three different constructors, and take whichever one works?

```
instance (FromJSON b, FromJSON a)
=> FromJSON (Term b a) where
parseJSON (Object v) = parseVar `mplus` parseUVar
`mplus` parseApp
where
parseApp = do
ident <- v .: "id"
terms <- v .: "terms"
return $ App ident terms
parseVar = Var <$> v .: "var"
parseUVar = UVar <$> v .: "uvar"
parseJSON _ = mzero
```

It turns out that I can.

# Operator Overloading in C++

My thoughts on Operator Overloading are hardly a secret. Some languages, such as Haskell, support it in a sane manner. Some languages, such as C++ don’t. Either way though, I’m not a fan.

That said, there is one case where I support it; when what you are trying to overload an operator to do makes sense for your type. In other words, if it makes sense to multiply an Employee object, feel free to overload the multiplication operator. Since we don’t usually model mating when we implement an employee object, I don’t usually approve.

## Multiplying a Fraction

However, if we have a fraction class, that has a numerator and denominator component, overloading the multiplication operator suddenly becomes reasonable:

```
frac<T> operator *(const frac<T> & rhs) const
{
return frac<T>(numer * rhs.numer, denom * rhs.denom);
};
```

In C++, many of the built in operators are available to be overloaded. You can do basically anything in an operator overload, but if you do, that makes you a bad person. Here we have a straightforward implementation, that I’m going to assume you don’t need to have explained to you. But let’s talk `const`

correctness.

In this signature, the `const`

appears twice. The right hand side argument is a `const`

reference. Since this is a reference, no copy occurs, but with references can come mutability. The `const`

here prevents any mutation from occurring. There is also a `const`

at the end of the signature. That means that this function cannot modify the `this`

pointer.

This function returns a new `frac<t>`

, so no need for `const`

there.

## Convert a Fraction to a Double

Next, you can overload the casting operator, and if you are a good person you’ll use this for type conversions. Let’s implement `(double)`

for our fraction:

```
operator double() const
{
return (double) numer / denom;
}
```

This code is pretty straight forward. We divide the numerator by the denominator, and cast it to double in case integer division occurs. Cast operator overloads don’t have a return type, which is a bit strange but something we can work with.

## Streaming operators

Finally, I’d like to talk about streaming operator overloads. For any overloaded operator, there are two forms: member and non-member. Member overloads take `n - 1`

arguments, where the minus 1 is the current object (and the left hand side). Non member overloads can’t access the this pointer, so they need to take the left hand side as a parameter.

Member overloads obviously have access to private class members, which makes them more powerful than non-member. Which leads us to the streaming operators. Streaming operators need to return `std::ostream &`

, so they *must* be non-member. The problem is that we want to print the private numerator and denominator fields. The solution? make it a friend:

```
friend std::ostream & operator <<(std::ostream & lhs,
const frac<T> & rhs)
{
lhs << rhs.numer << '/' << rhs.denom;
return lhs;
};
```

With that problem solved, this function becomes pretty straight forward. We stream the fields, formatted correctly, into the left hand side `std::ostream &`

, then we return the left hand side argument for further use by the next part of the streaming chain.

# Pretty Printing our Pretty Program with Pretty

Tell me if you’ve heard this one before. You’re making some complicated data structure in Haskell. Something like the following:

```
data Expr =
EVal Int
| EIdent String
| EFunc String [String] [Expr]
| ECall String [Expr]
| ELet String Expr
| EWhile Expr [Expr]
| EShizzy Expr Expr Expr
| EIfElse Expr Expr Expr
| EReturn Expr
deriving (Show)
```

You throw that `deriving (Show)`

because it’ll totally help you debug! Time goes by, and you use your fancy `Expr`

to write a robust imperative function:

```
test = EFunc "testFunc" ["gatito",
"moogle"]
[ELet "foo"
$ ECall "petCat" $ [EIdent "gatito",
EIdent "moogle"],
EWhile (ECall "catsPlacated" [])
[EShizzy
(EIfElse
(EVal 5)
(ELet "foo"
$ ECall "malloc" [ECall "sizeof" [EVal 2]])
(ECall "petCat" $ [EIdent "gatito",
EIdent "moogle"]))
(ECall "petCat" $ [EIdent "gatito",
EIdent "moogle"])
(ELet "foo" $ ECall "safeLeakMemory" [])
],
EReturn $ EIdent "foo"
]
```

You’re still good, you got Rainbow Delimiters to keep that all sorted. Now, more time goes by and you’re in the repl and something doesn’t work. What was this test thing again?

```
*Shizzy> test
EFunc "testFunc" ["gatito","moogle"] [ELet "foo" (ECall "petCat" [EIdent "gatito",EIdent "moogle"]),EWhile (ECall "catsPlacated" []) [EShizzy (EIfElse (EVal 5) (ELet "foo" (ECall "malloc" [ECall "sizeof" [EVal 2]])) (ECall "petCat" [EIdent "gatito",EIdent "moogle"])) (ECall "petCat" [EIdent "gatito",EIdent "moogle"]) (ELet "foo" (ECall "safeLeakMemory" []))],EReturn (EIdent "foo")]
```

Well that’s unfortunate. What do we do now? Aside from the fact that this is completely useless to us, this certainly wouldn’t be OK to print out to a user…

The good news is that pretty printing is a snap thanks to the HughesPJ Pretty Printer. One simply has to implement the Pretty class for one’s type, and then they can get some reasonable output:

```
testFunc(gatito moogle) {
let foo = petCat(gatito moogle)
while(catsPlacated()) {
+--
{
if (5) let foo = malloc(sizeof(2))
else petCat(gatito moogle)
}
+++
+ +
+++
{
petCat(gatito moogle)
}
+++
+ +
+++
{
let foo = safeLeakMemory()
}
+--
}
produceResult foo
}
```

Let’s see how we get there, constructor by constructor.

#### EVal and EIdent

First up are the easy ones: `EVal`

and `EIdent`

, which represent bare values:

```
instance Pretty Expr where
pPrint (EVal v) =
int v
pPrint (EIdent s) =
text s
```

First we have to declare our instance, but next we can just print the values. `int`

pretty prints an integer, and `text`

pretty prints a string.

#### EFunc and ECall

Next we have function calls and definitions:

```
pPrint (EFunc n a b) =
text n
<> (parens $ hsep $ fmap text a) <+> lbrace
$+$ (nest 2 $ vcat $ fmap pPrint b)
$+$ rbrace
pPrint (ECall n a) =
text n <> (parens $ hsep $ fmap pPrint a)
```

There are some operators here that require explanation. All of these operators have type `(Doc -> Doc -> Doc )`

, and are used to combine two `Doc`

into one. A `Doc`

is the type of thing that can be pretty printed, which is returned by calls to `pPrint`

and various other primitive pretty printing functions provided by the library (like `text`

and `int`

)

`<>`

glues the thing on the left next to the thing on the right with no space in between, where `<+>`

does the same, but leaves 1 space in between. Similarly, `$$`

and `$+$`

glues the thing on the right to the bottom of the thing on the left. `$+$`

allows the right hand side to overlap with the left (more on this later). There are also `hsep`

, and `vcat`

which takes lists of `Doc`

. These functions work similarly to `<>`

, `$$`

and friends; they glue `Doc`

s together horizontally and vertically. `*cat`

are the non-plus variants, and `*sep`

are the plus variants.

Other functions introduced here are `parens`

, which takes a `Doc`

and surrounds it by parens. `lbrace`

and ` rbrace`

insert `{`

and `}`

respectively. There is a `braces`

function as well, but I didn’t use it because I want to control how the braces are shown. Finally, we have `nest`

, which indents its argument. This function is great because it takes into account outer nest calls, so we can get arbitrary nesting.

#### ELet, EWhile, EIfElse, and EReturn

```
pPrint (ELet n e) =
text "let" <+> text n <+> equals <+> pPrint e
pPrint (EWhile p b) =
text "while" <> (parens $ pPrint p) <+> lbrace
$+$ (nest 2 $ vcat $ fmap pPrint b)
$+$ rbrace
pPrint (EIfElse p t f) =
text "if" <+> (parens $ pPrint p) <+> pPrint t
$+$ text "else" <+> pPrint f
pPrint (EReturn v) =
text "produceResult" <+> pPrint v
```

Nothing particularly fancy here. in `ELet`

, we have `equals`

which inserts an equals sign and we have more nesting throughout. As you can see, this is very simple once you get the hang of it; there are few abstract instances involved, and most functions do what they say.

#### EShizzy

As we all know, any programming language that doesn’t have Shizzy statements isn’t worth knowing, so of course I implement them:

```
pPrint (EShizzy u d t) =
onFire
$+$ (nest 6 (lbrace $+$ (nest 2 (pPrint u))
$+$ rbrace))
$+$ noRules
$+$ (lbrace $+$ (nest 2 (pPrint d)) $+$ rbrace)
$+$ noRules
$+$ (nest 6 (lbrace $+$ (nest 2 (pPrint t))
$+$ rbrace))
$+$ onFire
where
onFire = nest 2 $ text "+--"
noRules = nest 2 $ (text "+++" $$ text "+ +"
$$ text "+++")
```

This produces the following output as we’d expect:

```
+--
{
if (5) let foo = malloc(sizeof(2))
else petCat(gatito moogle)
}
+++
+ +
+++
{
petCat(gatito moogle)
}
+++
+ +
+++
{
let foo = safeLeakMemory()
}
+--
```

and this gives me a good opportunity to demonstrate the difference between `$$`

and `$+$`

. Let’s swap all the plus variants out:

```
onFire
$$ (nest 6 (lbrace $$ (nest 2 (pPrint u))
$$ rbrace))
$$ noRules
$$ (lbrace $$ (nest 2 (pPrint d))
$$ rbrace)
$$ noRules
$$ (nest 6 (lbrace $$ (nest 2 (pPrint t)) $$ rbrace))
$$ onFire
where
onFire = nest 2 $ text "+--"
noRules = nest 2 $ (text "+++" $$ text "+ +"
$$ text "+++")
```

Now, the pretty printer outputs the following:

```
+-- { if (5) let foo = malloc(sizeof(2))
else petCat(gatito moogle)
}
+++
+ +
+++
{ petCat(gatito moogle)
} +++
+ +
+++ { let foo = safeLeakMemory()
}
+--
```

Basically, if something is nested far enough that it would appear after the end of the left hand side argument, it is pasted to the right of it instead of below it. Honestly, it’s pretty strange behavior to me, I say just avoid `$$`

for the most part and you’ll be fine. It’s not a huge stretch for me to think of a use for this, but I think I’d just use `<>`

or `<+>`

if I wanted this to happen.

Regardless, I’ve worked on projects that use this pretty printing library before, and now that I’ve given it a shot I know why!

# Baby’s First Proof

Unlike many languages that you learn, in Coq, things are truly different. Much like your first functional language after using nothing but imperative languages, you have to re-evaluate things. Instead of just defining functions, you have to *prove* properties of them. So, let’s take a look at a few basic ways to do that.

## Simpl and Reflexivity

Here we have two basic “tactics” that we can use to prove simple properties. Suppose we have some function `addition`

. We’re all familiar with how this works; `2 + 2 = 4`

, right? Prove it:

```
Lemma two_plus_two:
2 + 2 = 4.
Proof.
Admitted.
```

First, what is this `Admitted.`

thing? Admitted basically tells Coq not to worry about it, and just assume it is true. This is the equivalent of your math professor telling you “don’t worry about it, Aristotle says it’s true, are you calling Aristotle a liar?” and if you let this make it into live code, you are a bad person. We must make this right!

```
Lemma two_plus_two:
2 + 2 = 4.
Proof.
simpl.
reflexivity.
Qed.
```

That’s better. This is a simple proof; we tell Coq to simplify the expression, then we tell Coq to verify that the left-hand-side is the same as the right-hand-side. One nice feature of Coq is that lets you step through these proofs to see exactly how the evaluation is proceeding. If you’re using Proof General, you can use the buttons `Next`

, `Goto`

, and `Undo`

to accomplish this. If you put the point at `Proof.`

and click `Goto`

, Coq will evaluate the buffer up to that point, and a window should appear at the bottom with the following:

```
1 subgoals, subgoal 1 (ID 2)
============================
2 + 2 = 4
```

This is telling you that Coq has 1 thing left to prove: ` 2 + 2 = 4`

. Click next, the bottom should change to:

```
1 subgoals, subgoal 1 (ID 2)
============================
4 = 4
```

Coq processed the `simpl`

tactic and now the thing it needs to prove is that `4 = 4`

. Obviously this is true, so if we click next…

`No more subgoals.`

…`reflexivity`

should succeed, and it does. If we click next one more time:

`two_plus_two is defined`

This says that this Lemma has been defined, and we can now refer to it in other proofs, much like we can call a function. Now, you may be wondering “do I really have to simplify `2 + 2`

?” No, you don’t, `reflexivity`

will simplify on it’s own, this typechecks just fine:

```
Lemma two_plus_two:
2 + 2 = 4.
Proof.
reflexivity.
Qed.
```

So, what’s the point of `simpl`

then? Let’s consider a more complicated proof.

## Induction

```
Lemma n_plus_zero_eq_n:
forall (n : nat), n + 0 = n.
```

This lemma state that for any n, n + 0 = n. This is the same as when you’d write `∀`

in some math. Other bits of new syntax is `n : nat`

, which means that n has the type nat. The idea here is that no matter what natural number n is, n + 0 = n. So how do we prove this? One might be tempted to try:

```
Lemma n_plus_zero_eq_n:
forall (n : nat), n + 0 = n.
Proof.
reflexivity.
Qed.
```

One would be wrong. What is Coq stupid? Clearly n + 0 = n, Aristotle told me so! Luckily for us, this is a pretty easy proof, we just need to be explicit about it. We can use induction to prove this. Let me show the whole proof, then we’ll walk through it step by step.

```
Lemma n_plus_zero_eq_n:
forall (n : nat), n + 0 = n.
Proof.
intros n.
induction n as [| n'].
{
reflexivity.
}
{
simpl.
rewrite -> IHn'.
reflexivity.
}
Qed.
```

Place the point at `Proof`

and you’ll see the starting goal:

```
1 subgoals, subgoal 1 (ID 6)
============================
forall n : nat, n + 0 = n
```

Click next and step over `intros n.`

```
1 subgoals, subgoal 1 (ID 7)
n : nat
============================
n + 0 = n
```

What happened here is `intros n`

introduces the variable n, and names it n. We could have done `intros theNumber`

and the bottom window would instead show:

```
1 subgoals, subgoal 1 (ID 7)
theNumber : nat
============================
theNumber + 0 = theNumber
```

The `intros`

tactic reads from left to right, so if we had some `Lemma foo : forall (n m : nat), [stuff]`

, we could do `intros nName mName.`

, and it would read in n, and bind it to nName, and then read in m and bind it to mName. Click next and evaluate `induction n as [| n'].`

```
2 subgoals, subgoal 1 (ID 10)
============================
0 + 0 = 0
subgoal 2 (ID 13) is:
S n' + 0 = S n'
```

The `induction`

tactic implements the standard proof by induction, splitting our goal into two goals: the base case and the n + 1 case. Similarly to `intros`

, this will create subgoals starting with the first constructor of an ADT, and ending with the last.

## On Natural Numbers in Coq

Let us take a second to talk about how numbers are represented in Coq. Coq re-implements all types within itself, so `nat`

isn’t a machine integer, it’s an algebraic datatype of the form:

```
Inductive nat : Set :=
| O : nat
| S : nat -> nat.
```

`O`

is zero, `S O`

is one, and `S (S (S (O)))`

is three. There is a lot of syntax sugar in place that lets you write 49 instead of `S (S ( ... ( S O) ... ))`

, and that’s a good thing.

The point of all of this is that we can pattern match on `nat`

much like we can a list.

## More Induction

…anyways, all this brings us back to induction and this mysterious `as [| n'].`

What this is doing is binding names to all the fields of the ADT we are deconstructing. The `O`

constructor takes no parameters, so there is nothing to the left of the `|`

. The `S`

constructor takes a `nat`

, so we give it the name `n'`

. Click next and observe the bottom change:

```
1 focused subgoals (unfocused: 1)
, subgoal 1 (ID 10)
============================
0 + 0 = 0
```

The curly braces “focuses” the current subgoal, hiding all irrelevant information. Curly braces are optional, but I find them to be very helpful as the bottom window can become very cluttered in large proofs. Here we see the base case goal being to prove that 0 + 0 = 0. Obviously this is true, and we can have Coq verify this by `reflexivity.`

Click next until the next opening curly brace is evaluated. We see the next subgoal:

```
1 focused subgoals (unfocused: 0)
, subgoal 1 (ID 13)
n' : nat
IHn' : n' + 0 = n'
============================
S n' + 0 = S n'
```

So, what do we have here? This is the n + 1 case; here the n’ in `S n'`

is the original n. A particularly bored reader may try to prove `forall (n : nat), S n = n + 1`

and I’ll leave that as an exercise. However, this follows from the definition of `nat`

.

Also of note here is `IHn'`

. `IH`

stands for induction hypothesis, and this is that n’ + 0 = n’. So, how do we proceed? Click next and observe how the subgoal changes:

```
1 focused subgoals (unfocused: 0)
, subgoal 1 (ID 15)
n' : nat
IHn' : n' + 0 = n'
============================
S (n' + 0) = S n'
```

It brought the `+ 0`

inside the `S`

constructor. Notice that now there is `n' + 0`

on the left hand side. Click next and watch closely what happens:

```
1 focused subgoals (unfocused: 0)
, subgoal 1 (ID 16)
n' : nat
IHn' : n' + 0 = n'
============================
S n' = S n'
```

Here we use the induction hypothesis to rewrite all occurrences of `n' + 0`

, which was the left hand side of the induction hypothesis as `n'`

, which was the right hand side of the induction hypothesis. This is what the `rewrite`

tactic does. Notice now that the subgoal is `S n' = S n'`

which `reflexivity`

will surely find to be true. So, what would happen if we had done `rewrite <- IHn'.`

?

```
1 focused subgoals (unfocused: 0)
, subgoal 1 (ID 16)
n' : nat
IHn' : n' + 0 = n'
============================
S (n' + 0 + 0) = S (n' + 0)
```

It rewrote all instances of `n'`

, which was the right hand side of the induction hypothesis with `n' + 0`

which was the left hand side of the induction hypothesis. Obviously, this isn’t what we want. I should note that you can undo this by rewriting to the right twice…

```
{
simpl.
rewrite <- IHn'.
rewrite -> IHn'.
rewrite -> IHn'.
reflexivity.
}
```

…and it will technically work. But don’t do this, it’s silly and there’s no room for silliness in a rigorous mathematical proof.

Personally, I have a hard time keeping it straight what the left and right rewrites do. I sometimes find myself just trying one, and then the other if I guessed wrong. Think of it like this: `rewrite -> foo`

rewrites the current goal, replacing all occurrences of the thing on the left hand side of the equation of `foo`

with the thing on the right hand side of the equation. It changes *from* the left *to* the right. And vice-versa for `rewrite <-`

, which changes *from* the right *to* the left.