I'm trying to prove eqb_neq:
Theorem eqb_neq : forall x y : nat,
x =? y = false <-> x <> y.
This is my current proof status:
During the proof I reached a final step where I just need to prove the additional helper theorem:
Theorem eqb_false_helper : forall n m : nat,
n <> m -> S n <> S m.
I've tried multiple strategies but now I'm not even sure it's possible to prove this helper theorem.
I'm not sure how to prove the base case using induction:
What else can I try? Any tips for eqb_neq or the helper theorem?
Thanks
It is actually quite simple for your helper theorem if you just unfold not :
Theorem eqb_false_helper : forall n m : nat,
n <> m -> S n <> S m.
Proof.
unfold not; intros.
apply H; injection H0; intro; assumption.
Qed.
You actually just need to prove that S n = S m -> False, you assume that n = m -> False, thus you can prove that S n = S m -> n = m, which is done injecting hypothesis S n = S m.
Related
Trying to solve eqb_trans I became stuck:
Theorem eqb_trans : forall n m p,
n =? m = true ->
m =? p = true ->
n =? p = true.
Obviously, we should use eqb_true to solve it:
Theorem eqb_true : forall n m,
n =? m = true -> n = m.
--------------------------------------------
Proof.
intros n m p H1 H2. apply eqb_true in H1.
apply eqb_true with (n:=m)(m:=p) in H2.
At this point we have:
n, m, p : nat
H1 : n = m
H2 : m = p
============================
(n =? p) = true
Now I wanted to use eqb_true upon the goal:
apply eqb_true with (m:=p).
But here we get an error:
Unable to unify "?M1056 = p" with "(n =? p) = true".
Why doesn't it work? How to fix?
When you apply a lemma to the goal, it is the conclusion of the lemma that must unify with the goal rather than its premise. The conclusion of this lemma is of the form _ = _, while your goal is (_ =? _) = true. These two cannot be unified, which leads to the error you see.
To prove eqb_trans, you need the converse of eqb_true, namely
forall n m, n = m -> (n =? m) = true,
which, after some simplification, is equivalent to
forall n, (n =? n) = true.
Theorem eqb_trans : forall n m p,
n =? m = true ->
m =? p = true ->
n =? p = true.
Proof.
intros n m p.
repeat rewrite Nat.eqb_eq.
intros.
rewrite H.
exact H0.
Qed.
-- Check Nat.eqb_eq.
Nat.eqb_eq
: forall n m : nat, (n =? m) = true <-> n = m
After destructing n in my proof, I am stuck at the following:
1 subgoal
n : nat
X : Type
h : X
t : list X
n' : nat
E : n = S n'
H' : length t = n'
IHl : length t = n -> nth_error t n = None
______________________________________(1/1)
nth_error t n' = None
I want to rewrite using IHl, but that is not possible. How do I compose IHl and H' to make sense and prove this theorem?
I am just trying to elaborate on #Arthur answer.
I was able to reproduce your goal with the following script:
Require Import List.
Lemma toto (n : nat) (X : Type) (l : list nat) : length l = n -> nth_error l n = None.
Proof.
induction l as [ | h t IHl].
case_eq n.
simpl; auto.
simpl; discriminate.
case_eq n.
simpl; discriminate.
intros n' E.
simpl; intros E'; injection E'; clear E'; intros H'.
and I agree that this goal cannot be proved. Now, if you instead start your proof with the following text (the Proof and induction lines have to be replaced), it will be provable (I checked).
Proof.
revert n.
induction l as [ | h t IHl]; intros n.
The difference is that the induction hypothesis now has the following statement.
forall n : nat, length t = n -> nth_error t n = None
What happened? In the first (faulty) variant, you attempt to prove a statement for all lists whose length is equal to a precise n, because n is fixed before you start the proof by induction. In the second (correct) variant, you attempt to prove a statement for all lists l, and this statement accepts any n as long as length l = n.
In the first variant, n is fixed and the equality length l = n restricts l to be among those that have length precisely n. In the second case, l is chosen first, and n is not fixed, but the equality length l = n restricts n to follow the length of l.
This is called "loading the induction" because the statement forall n, length l = n -> nth_error l n = None is stronger (it is loaded) than the statement that you attempt to prove in the first variant (just for one specific n), but surprisingly it is easier to prove.
You cannot, because your induction hypothesis is not general enough. Here is a statement that should be easier to prove:
forall (X : Type) (t : list X), nth_error t (length t) = None
Consider the following partial proof:
Theorem test : forall (n m : nat),
n = m -> S n = S m.
Proof.
intros n m H.
Executing until this point gives me the following:
1 subgoal
n, m : nat
H : n = m
______________________________________(1/1)
S n = S m
I would like to remove the Ss from the goal, obtaining the goal n = m. Is there a tactic that does this?
You are looking for the f_equal tactic.
I am trying to prove the following lemma in Coq:
Lemma not_eq_S2: forall m n, S m <> S n -> m <> n.
It seems easy but I do not find how to finish the proof. Can anybody help me please?
Thank you.
The thing to know is that in Coq, a negation is a function that implies False, so the S m <> S n is really S m = S n -> False. So instead of proving n <> m we can introduce the n = m (we can either unfold not or tell intros explicitly to do it) and get the goal False instead. But with n = m in the context we can rewrite HS: S n <> S m into HS: S n <> S n, which can be handled by auto, or many other tactics such as apply HS. reflexivity. or congruence. etc.
Lemma not_eq_S2: forall m n, S m <> S n -> m <> n.
Proof. intros m n HS HC.
rewrite HC in HS. auto.
Qed.
It's really easy (but the negation makes it a bit confusing).
Lemma not_eq_S2: forall m n, S m <> S n -> m <> n.
Proof.
unfold not. (* |- ... -> False *)
intros m n H C. (* ..., H : S m = S n -> False |- False *)
apply H. (* ... |- S m = S n *)
(* f_equal gets rid of functions applied on both sides of an equality,
this is probably what you didn't find *)
(* basically, f_equal turns a goal [f a = f b] into [a = b] *)
f_equal. (* ..., C : m = n |- m = n *)
exact C.
Qed.
Suppose I want to prove following Theorem:
Theorem succ_neq_zero : forall n m: nat, S n = m -> 0 = m -> False.
This one is trivial since m cannot be both successor and zero, as assumed. However I found it quite tricky to prove it, and I don't know how to make it without an auxiliary lemma:
Lemma succ_neq_zero_lemma : forall n : nat, O = S n -> False.
Proof.
intros.
inversion H.
Qed.
Theorem succ_neq_zero : forall n m: nat, S n = m -> 0 = m -> False.
Proof.
intros.
symmetry in H.
apply (succ_neq_zero_lemma n).
transitivity m.
assumption.
assumption.
Qed.
I am pretty sure there is a better way to prove this. What is the best way to do it?
You just need to substitute for m in the first equation:
Theorem succ_neq_zero : forall n m: nat, S n = m -> 0 = m -> False.
Proof.
intros n m H1 H2; rewrite <- H2 in H1; inversion H1.
Qed.
There's a very easy way to prove it:
Theorem succ_neq_zero : forall n m: nat, S n = m -> 0 = m -> False.
Proof.
congruence.
Qed.
The congruence tactic is a decision procedure for ground equalities on uninterpreted symbols. It's complete for uninterpreted symbols and for constructors, so in cases like this one, it can prove that the equality 0 = m is impossible.
It might be useful to know how congruence works.
To prove that two terms constructed by different constructors are in fact different, just create a function that returns True in one case and False in the other cases, and then use it to prove True = False. I think this is explained in Coq'Art
Example not_congruent: 0 <> 1.
intros C. (* now our goal is 'False' *)
pose (fun m=>match m with 0=>True |S _=>False end) as f.
assert (Contra: f 1 = f 0) by (rewrite C; reflexivity).
now replace False with True by Contra.
Qed.