Theorem implies_to_or_to_de_morgan_not_and_not :
implies_to_or -> de_morgan_not_and_not.
Proof.
unfold implies_to_or, de_morgan_not_and_not, not.
intros.
Admitted.
1 subgoal
H : forall P Q : Prop, (P -> Q) -> (P -> False) \/ Q
P, Q : Prop
H0 : (P -> False) /\ (Q -> False) -> False
______________________________________(1/1)
P \/ Q
This is from the 5 star exercise near the end of SF Logic chapter.
I've bashed my head against this particular problem for too many hours now, so I really have to ask at this point. I've already proven excluded_middle <-> peirce, peirce <-> double_negation_elimination, double_negation_elimination <-> de_morgan_not_and_not, implies_to_or <-> excluded_middle, de_morgan_not_and_not -> implies_to_or so I already have more than all the paths covered. To me that only makes this problem that much more confusing and I do not understand why I can't even get this proof off the ground.
Somehow there just is not that much to work with here.
One option would be to do exfalso and try to do something from there, but that would throw away the P \/ Q goal and I suspect that would be too much of a loss of information even if I could make some kind of headway.
Another option would be to try and destruct H, but in that case there is a problem of trying to prove P -> Q without anything usable being in the premise.
I've had trouble with exercises in the past week and managed to surmount them with effort, but I am not experienced enough to just let this thing lie without asking for advice. What exactly am I not seeing here?
Obviously, I do not want to convert de_morgan_not_and_not to some other
easier to solve classical law (like the excluded middle) as that would be besides the point.
Since the Software Foundations book explicitly asks not to publish solutions, let me give a hint.
Notice that the hypothesis H is universally quantified wrt both propositions it talks about.
This means you can supply any propositions for P and Q, even same ones. Basically, this observation lets you reason classically, which is enough to solve this problem.
Is there a particular reason you don't want to use your other proofs to prove this? It's fairly artificial to avoid using a result that you know is unconditionally true.
You can avoid manipulating de_morgan_not_and_not by using implies_to_or to perform case analysis on P and Q (refer to your proof of implies_to_or -> excluded_middle). Then you have four cases to look at, and all four resulting goals are simple 1-3 line proofs.
Related
It feels like the following Coq statement should be true constructively:
Require Import Decidable.
Lemma dec_search_nat_counterexample (P : nat -> Prop) (decH : forall i, decidable (P i))
: (~ (forall i, P i)) -> exists i, ~ P i.
If there were an upper bound, I'd expect to be able to show something of the form "suppose that not every i < N satisfies P i. Then there is an i < N where ~ P i". Indeed, you could actually write a function to find a minimal example by searching from zero.
Of course, there's not an upper bound for the original claim, but I feel like there should be an inductive argument to get there from the bounded version above. But I'm not clever enough to figure out how! Am I missing a clever trick? Or is there a fundamental reason that this cann't work, despite the well-orderedness of the natural numbers?
Reworked answer after Meven Lennon-Bertrand's comment
This statement is equivalent to Markov's principle with P and ~P exchanged. Since P is decidable we have P <-> (~ ~ P), so that one can do this replacement.
This paper (http://pauillac.inria.fr/~herbelin/articles/lics-Her10-markov.pdf) suggest that Markov's principle is not provable in Coq, since the author (one of the authors of Coq) suggests a new logic in this paper which allows to prove Markov's principle.
Old answer:
This is morally the "Limited Principle of Omniscience" - LPO (see https://en.wikipedia.org/wiki/Limited_principle_of_omniscience). It requires classical axioms to prove it in Coq - or you assert itself as an axiom.
See e.g.:
Require Import Coquelicot.Markov.
Check LPO.
Print Assumptions LPO.
Afair there is no standard library version of it.
I have to prove the following statement : (A -> B) <-> ~A \/ B which is the decomposition of implication. I can use the ~~A -> A axiom as it is given in the exercise, but I'm stuck pretty early in the demonstration.
I start by splitting then introducing, then I've tried a bit of everything (right, left, apply the absurd axiom then introducing) but nothing looks convincing and I don't really know where to go from there...
Any suggestions ?
From the axiom forall A, ~~A -> A that you were given, you can prove the law of the excluded middle, forall A, A \/ ~A. They are actually logically equivalent.
If you do that, then it is easy for you to solve your assignment.
I don't give the full solution here because it is not good to give solutions to course exercises, and I promise you will learn from doing it.
But as a small hint, when trying to prove
Goal (forall A, ~ ~ A -> A) -> (forall A, A \/ ~ A).
the first steps are intros H A. apply H. intros C.
I am interested in the probably false lemma :
Lemma decideOr : forall (P Q : Prop),
(P \/ Q) -> {P} + {Q}.
that asserts we can algorithmically decide any proof of an or in sort Prop. Of course, Coq does not let us destruct the input to extract it in sort Set. However, a proof of P \/ Q is a lambda-term that Coq accepts to print, so external tools can process it.
First question : can this lambda-term be decided outside of Coq (assuming the term uses no axioms, only plain Coq) ? It might be, because the rules of constructive logic demand that all disjunctions be explicitely chosen, without cheating by a proof by contradiction. So can we code a parser of Coq proof terms, and try to decide whether the first or the second operand of the or was proved ? If the term starts with or_introl or or_intror we are done. So I guess the problems are when the term is a lambda-application. But then Coq terms are strongly normalizing, so we reduce it to a normal form and it seems it will start with either or_introl or or_intror.
Second question : if this problem can be decided outside of Coq, what prevents us from internalizing it within Coq, ie proving lemma decideOr above ?
First question
Yes, you can write a program that takes as input a Coq proof of A \/ B and outputs true or false depending on which side was used to prove the disjunction. Indeed, if you write
Compute P.
in Coq, where P : A \/ B, Coq will normalize the proof P and print which constructor was used. This will not work if P uses proofs that end in Qed (because those are not unfolded by the evaluator), but in principle it is possible to replace Qed by Defined everywhere and make it work.
Second question
What prevents us from proving decideOr is that the designers of Coq wanted to have a type of propositions that supports the excluded middle (using an axiom) while allowing programs to execute. If decideOr were a theorem and we wanted to use the excluded middle (classical : forall A : Prop, A \/ ~ A), it would not be possible to execute programs that branch on the result of decideOr (classical A). This does not mean that decideOr is false: it is perfectly possible to admit it as an axiom. There is a difference between not being provable ("there does not exist a proof of A") and being refutable ("there exists a proof of ~ A").
After proving tens of lemmas in propositional and predicate calculus (some more challenging than others but generally still provable on an intro-apply-destruct autopilot) I hit one starting w/ ~forall and was immediately snagged. Clearly, my understanding and knowledge of Coq was lacking. So, I'm asking for a low-level Coq technique for proving statements of the general form
~forall A [B].., C -> D.
exists A [B].., ~(C -> D).
In words, I'm hoping for a general Coq recipy for setting up and firing counterexamples. (The main reason for quantifying over functions above is that it's a (or the) primitive connective in Coq.) If you want examples, I suggest e.g.
~forall P Q: Prop, P -> Q.
~forall P: Prop, P -> ~P.
There is a related question which neither posed nor answered mine, so I suppose it's not a duplicate.
Recall that ~ P is defined as P -> False. In other words, to show such a statement, it suffices to assume P and derive a contradiction. The crucial point is that you are allowed to use P as a hypothesis in any way you like. In the particular case of universally quantified statements, the specialize tactic might come in handy. This tactic allows us to instantiate a universally quantified variable with a particular value. For instance,
Goal ~ forall P Q, P -> Q.
Proof.
intros contra.
specialize (contra True False). (* replace the hypothesis
by [True -> False] *)
apply contra. (* At this point the goal becomes [True] *)
trivial.
Qed.
Help needed with an exercise from Software Foundations. This is the theorem:
Theorem plus_n_n_injective : ∀n m,
n + n = m + m →
n = m.
Proof.
I end up with n = 0 as goal and n + n = 0 as hypothesis. How to move on?
n + n cannot be simplified further because n is a variable, not a type constructor.
You can expose all the construction cases of n by destructing it as Ptival said. However using inversion in this context seems to me a bit extreme and not what this Sf exercise is about.
When replaced by the O constructor, O + O will reduce (using simpl for example) to O and reflexivity should do the trick.
When replaced by the S constructor, S foo + bar will always reduce to the shape S something, which can't be equal to O (the easiest way to assert that is by using discriminate) because they are two constructors of the same type.
Best,
V.
If you inspect n (destruct it), it's either going to be 0 in which case the goal is provable by reflexivity, or S n' in which case the hypothesis is contradictory by congruence/inversion.
The trick to solving this problem can be garnered from the Theorem for length_snoc' previously shown in the same chapter.
As this was the first time so far in the book that introducing some of the variable/hypothesis after doing an induction on n, this may come off as unusual to newcomers (like me). This allows you to get a more general hypotheses in your context after proving for the base case.
As mentioned before, you will be able to prove some goals simply by reflexivity. Some of them can be proven by inversion on a false hypotheses in your context(those should become straightforward once you spot them, the idea that 2 + 2 = 5 -> anything is true can go a long way).
Finally, you will have to rework one of your hypotheses using the previously defined lemmas plus_n_Sm and eq_add_S as well as symmetry to be able to apply the more general hypotheses we discussed earlier.