Lecture 3: Making proofs in Coq

(credits: Yves Bertot)

Goal directed proof

• In theory, proving is the same as programming

• In practice, intermediate statements are more relevant than proof constructs

• Procedural approach

1. State an initial statement

2. Apply a command that decomposes a statement into easier ones

3. Repeat step 2

• Sometimes step 2 does not produce new statements

• When there are no more subgoals, the proof must be saved using Qed.

• Proof scripts record only the commands that have been applied

• Scripts are difficult to read, so script management is needed

Start a proof

• Lemma name : formula

======

formula

• The name must be new

• The formula must be well-formed

• Other keywords can be used

• Theorem, Fact, Example

Decomposing a logical formula

• Example: A /\ B

• We want to prove A and B as one formula

• But logically, it is enough to prove A and B separately

• To go from A /\ B to A and B requires a logical step

• This example was about a conclusion; we have similar problems when A /\ B appears as a hypothesis

Hypotheses and conclusion

• During a proof, Coq displays goals

• Each goal contains a conclusion: the formula to prove

• Each goal also contains a context made of hypotheses

• Each hypothesis has a name and a statement

• Example

H1 : x <= y

H2 : y <= z

======

x <= z

Using the context

• Hypotheses are meant to be used to prove the current goal

• When a hypothesis H matches the goal exactly, use exact H.

• You can also use assumption.

H : A

======

A

exact H.

the goal is solved!

• Exact matching may involve computation (here P (2+1) reduces to P 3)

H : P 3

======

P (2+1)

assumption.

the goal is solved!

Tactics for universal quantification (in conclusion)

• How do we prove forall x : T, A x ?

• Reason on an arbitrary member of type T

• Arbitrary: we do not know anything about it, it is new

• Tactic: intros

======

forall x : T, A x

intros y.

y : T

======

A y

• y must not already be in the context (it must be fresh)

• Usually we use the name x directly (changed here for illustration purposes)

Implication (in conclusion)

• How do we prove that A -> B holds?

• We assume we know A, and then we look at just B

• Add A to the known facts (the context)

• intro H (the name H must be fresh)

Universal quantification (in hypotheses)

• How to use H : forall x : T, A x -> B x?

• In particular if we have to prove B e

H : forall x : T, A x -> B x

===============

B e

apply H.

H : forall x : T, A x -> B x

===============

A e

• Coq guesses that H is used on e (by matching B x with B e)

• Beware! apply handles all universal quantifications and implications in one round

• It guesses values of universally quantified variables

• It creates a new goal for every premise of an implication

Missing universally quantified variables

• The guess work is done by matching the conclusion of the theorem with that of the goal

• Hopefully, all universally quantified variables can be determined

• Missing variables can be given by the user

• Example

• This theorem can be used in apply (like any hypothesis)

• The variable y does not occur in the conclusion of the theorem, so apply cannot guess it.

Giving missing variables

• First syntax: by name

apply Z.le_trans with (m := formula)

• Second syntax: by hypothesis

H : x <= 3

===============

x <= 10

apply Z.le_trans with (1 := H).

H : x <= 3

===============

3 <= 10

• Third syntax: by application

apply (Z.le_trans x 3) or apply (Z.le_trans _ 3)

• Universally quantified theorems can be used like functions!
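As an added example (not part of the lecture), the three syntaxes above on one small lemma, using Z.le_trans from the standard ZArith library; the lemma and hypothesis names are my own.

```coq
Require Import ZArith.
Open Scope Z_scope.

(* Z.le_trans : forall n m p : Z, n <= m -> m <= p -> n <= p
   The middle value m does not occur in the conclusion n <= p,
   so apply cannot find it by matching the goal: we supply it. *)

(* First syntax: give the missing variable by name. *)
Lemma trans_by_name : forall x y z : Z, x <= y -> y <= z -> x <= z.
Proof.
  intros x y z Hxy Hyz.
  apply Z.le_trans with (m := y).
  - exact Hxy.      (* first premise: x <= y *)
  - exact Hyz.      (* second premise: y <= z *)
Qed.

(* Second syntax: bind the first premise to a hypothesis;
   unifying n <= m with Hxy fixes n := x and m := y. *)
Lemma trans_by_hyp : forall x y z : Z, x <= y -> y <= z -> x <= z.
Proof.
  intros x y z Hxy Hyz.
  apply Z.le_trans with (1 := Hxy).
  exact Hyz.        (* only goal left: y <= z *)
Qed.

(* Third syntax: apply the theorem to arguments like a function;
   the hole _ is filled by matching the conclusion with the goal. *)
Lemma trans_by_app : forall x y z : Z, x <= y -> y <= z -> x <= z.
Proof.
  intros x y z Hxy Hyz.
  apply (Z.le_trans _ y).
  - exact Hxy.
  - exact Hyz.
Qed.

(* Fully applied, the theorem is a proof term that closes the goal at once. *)
Lemma trans_as_function : forall x y z : Z, x <= y -> y <= z -> x <= z.
Proof.
  intros x y z Hxy Hyz.
  exact (Z.le_trans x y z Hxy Hyz).
Qed.
```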

Implications (in hypotheses)

• A particular case of apply

• No variable needs guessing

• As many new goals as there are premises

• A particular case: when there is no implication (no premise), apply works, but exact is more explicit

Using implications and quantifications without the conclusion

• Add consequences explicitly using assert

H : A -> B

Ha : A

===============

C

assert (H1 : B).

=================

B

apply H.

=================

A

• A second goal has the hypothesis H1 stating B (and the original conclusion C)

Theorems as functions

• Implication and quantification theorems may be used as functions

H : A -> B

G : forall x : T, D x

Ha : A

e : T

===============

C

assert (H1 := H Ha).

H1 : B

===============

C

assert (G1 := G e).

G1 : D e

===============

C
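Added example (not from the lecture) combining the two uses of assert from the last two slides, the subgoal form and the function-application form, on one goal; the propositions, the type T, the element e and the hypothesis names are my own choices.

```coq
(* Constructed goal: the context of the slides, with an extra hypothesis Hc
   that lets the derived facts B and D e close the conclusion C. *)
Lemma assert_demo : forall (A B C : Prop) (T : Type) (D : T -> Prop) (e : T),
  (A -> B) -> (forall x : T, D x) -> A -> (B -> D e -> C) -> C.
Proof.
  intros A B C T D e H G Ha Hc.
  (* Form 1: state B and prove it as a separate subgoal (apply H, then A). *)
  assert (H1 : B).
  { apply H. exact Ha. }
  (* Form 2: build the proof term directly; H Ha : B because H : A -> B. *)
  assert (H1' := H Ha).
  (* A universally quantified hypothesis is instantiated the same way: G e : D e. *)
  assert (G1 := G e).
  (* Hc is itself a function: feed it the two facts just derived. *)
  exact (Hc H1 G1).
Qed.
```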

Conjunction

• Prove A /\ B

split

• Use H : A /\ B

destruct H as [H1 H2] or case H

• creates two hypotheses H1 : A and H2 : B

• the names H1 and H2 have to be fresh

• The behaviour is intuitive: replace connectives by their meaning

• The names of the tactics need to be remembered...

Disjunction

• Prove A \/ B

• Choose to prove A or to prove B

left or right

• Use H : A \/ B

destruct H as [H1 | H2] or case H

• Two goals generated, one where A is given as hypothesis H1, one where B is given as hypothesis H2

• Need to cover all possibilities

• Some of the tactics have the same name as for conjunction

Short cut for destruct

• In presence of nested logical connectives

• Frequent situation: destruct H as [H1 H2] followed by destruct H1 as [H3 | H4]

• Abbreviated as destruct H as [[H3 | H4] H2]

• Two goals, one with H3 and H2, the other with H4 and H2

• Second frequent situation: intros H followed by destruct H as [H1 H2]

• Abbreviated as intros [H1 H2].

Combining tactics

• Use several tactics in one command

• tac1; tac2,

tac2 is used on all goals generated by tac1

• tac; [tac1 | ... | tacn],

taci is applied to the i-th generated goal (tac must generate exactly n goals)

demonstration
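Added example (not the lecture's demonstration): the nested destruct pattern from the previous slide, first step by step, then with the intros shortcut and both tactic combinators. The propositions and hypothesis names are mine.

```coq
Lemma nested_destruct : forall A B C : Prop,
  (A \/ B) /\ C -> (A /\ C) \/ (B /\ C).
Proof.
  intros A B C H.
  (* One destruct with a nested pattern: two goals, one with H3 : A and
     H2 : C, the other with H4 : B and H2 : C. *)
  destruct H as [[H3 | H4] H2].
  - left. split.
    + exact H3.
    + exact H2.
  - right. split.
    + exact H4.
    + exact H2.
Qed.

(* Same proof in one line: the intro pattern replaces intros H; destruct H,
   [left | right] acts on the first and second goal respectively, and
   split; assumption then runs on every goal that remains. *)
Lemma nested_destruct' : forall A B C : Prop,
  (A \/ B) /\ C -> (A /\ C) \/ (B /\ C).
Proof.
  intros A B C [[H3 | H4] H2]; [left | right]; split; assumption.
Qed.
```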

Existential quantification

• Prove exists x : T, A x

• You have to find an expression e of the right type: exists e

• and then prove A e

• Use H : exists x : T, A x

destruct H as [y Hy] or case H.

• This moves from the connective "there exists" to the situation where the context holds a witness y : T and Hy : A y with the right properties
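Added example (not from the lecture): using an existential hypothesis with destruct, then proving an existential conclusion by supplying a witness, on integers from the standard ZArith library; the lemma and hypothesis names are mine.

```coq
Require Import ZArith.
Open Scope Z_scope.

(* If x is even then so is x + 2. *)
Lemma even_plus_two : forall x : Z,
  (exists y : Z, x = 2 * y) -> exists z : Z, x + 2 = 2 * z.
Proof.
  intros x H.
  (* y : Z and Hy : x = 2 * y are now in the context *)
  destruct H as [y Hy].
  (* the witness: the goal becomes x + 2 = 2 * (y + 1) *)
  exists (y + 1).
  rewrite Hy.        (* goal: 2 * y + 2 = 2 * (y + 1) *)
  ring.
Qed.
```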

Falsehood and Negation

• False cannot be proved in the empty context

• Use H : False

destruct H or case H

• Anything can be deduced from False

• No new goals

• Prove ~A

• Assume A and show there is a contradiction: intros Ha

• Use H : ~A

• Do this when you know you can prove A: destruct H or case H (the new goal is A)

Negation demonstration

Lemma example_neg : forall A B : Prop, A -> ~A -> B.

intros A B Ha Hn.

Ha : A

Hn : ~A

=============

B

case Hn.

Ha : A

Hn : ~A

=============

A

exact Ha.

the goal is solved!

Qed.

Equality

• Prove x = x

reflexivity

• Use H : forall x y, f x y = g x y

rewrite H, rewrite <- H, rewrite H in H1, etc.

• Find occurrences of f ? ? in the goal and replace them with the corresponding instance of g ? ? (rewrite <- H goes from g to f; rewrite H in H1 works on hypothesis H1 instead of the goal)

• Variables must be guessed, as for apply

• Variable guessing can be tuned by the user

• Other approach to using equalities: injection (to be studied later)

• Other approach to proving equalities: ring
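Added example (not from the lecture): the three rewrite forms with a universally quantified equation, showing how the instance of x and y is guessed from the first matching occurrence and how the guess can be fixed by applying H explicitly. The functions f, g and the hypothesis names are mine.

```coq
(* rewrite H: f ? ? is matched against f a b in the goal,
   so x := a, y := b, and f a b becomes g a b. *)
Lemma rewrite_in_goal : forall (f g : nat -> nat -> nat),
  (forall x y, f x y = g x y) ->
  forall a b, g a b = 0 -> f a b = 0.
Proof.
  intros f g H a b H1.
  rewrite H.
  exact H1.
Qed.

(* rewrite <- H: the other direction, g a b becomes f a b. *)
Lemma rewrite_backwards : forall (f g : nat -> nat -> nat),
  (forall x y, f x y = g x y) ->
  forall a b, f a b = 0 -> g a b = 0.
Proof.
  intros f g H a b H1.
  rewrite <- H.
  exact H1.
Qed.

(* rewrite in a hypothesis, tuning the guess by applying H as a function:
   H a b : f a b = g a b and H b a : f b a = g b a. *)
Lemma rewrite_in_hyp : forall (f g : nat -> nat -> nat),
  (forall x y, f x y = g x y) ->
  forall a b, f a b = f b a -> g a b = g b a.
Proof.
  intros f g H a b H1.
  rewrite (H a b) in H1.    (* H1 : g a b = f b a *)
  rewrite (H b a) in H1.    (* H1 : g a b = g b a *)
  exact H1.
Qed.
```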

Automatic proofs

• auto, tauto, intuition, trivial are worth trying for statements of propositional logic.

• firstorder is especially suited for proofs that may involve instantiating universal quantifiers (first-order logic).
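Added example (not from the lecture): a propositional goal closed by tauto, and a first-order goal where the universally quantified hypothesis has to be instantiated on the witness of an existential, closed by firstorder. The predicates and lemma names are mine.

```coq
(* Propositional logic only: connectives and implications, no quantifiers
   to instantiate once the outer forall has been introduced. *)
Lemma prop_auto : forall A B C : Prop, (A -> B) /\ (B -> C) -> A -> C.
Proof.
  intros A B C.
  tauto.
Qed.

(* First-order logic: the proof must destruct the existential, obtain a
   witness, and apply the forall hypothesis to that witness. *)
Lemma fo_auto : forall (T : Type) (P Q : T -> Prop),
  (forall x : T, P x -> Q x) -> (exists x : T, P x) -> exists x : T, Q x.
Proof.
  intros T P Q.
  firstorder.
Qed.
```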