I am thinking about proof irrelevance in COQ.
One provable statement says:
If equality of a type is decidable then there can be only one proof for the equality statement, namely reflexivity.
I wonder if its possible to construct types with more than one equality proof in COQ. Therefore I ask if the following construct is consistent?
(*it is known that f=g is undecidable in COQ *)
Definition f(n:nat) := n.
Definition g(n:nat) := n+0.
Axiom p1: f=g.
Axiom p2: f=g.
Axiom nonirrelevance:p1<>p2.
What me puzzles here is the fact that by introducing p1 I made the equality f=g decidable and therefore it should only have one proof! What is my error in reasoning here?
Is that all a pure COQ behaviour or is it similar in HOTT?
I think you're confusing several things.
The provable statement you are speaking of can be found in https://coq.inria.fr/library/Coq.Logic.Eqdep_dec.html and is
Theorem eq_proofs_unicity A (eq_dec : forall x y : A, x = y \/ x <> y) (x : A) :
forall (y:A) (p1 p2:x = y), p1 = p2.
Now what is quite interesting is the type of eq_dec. First of all, it doesn't even really ask for equality to be decidable, it just asks for it to be true or false which is way less stronger than {x = y} + {x <> y}
Then notice that it doesn't ask this just for the x and y to prove the equality irrevelance of, it ask this property for all functions.
So you would need to prove your contradiction that forall (f g : nat -> nat), f = g \/ f <> g which you cannot. p1 is just a proof that f = g \/ f <> g for your specific f and g.
Notice though that if you could, it would just mean that there is no way to build a system in which you can compare functions and yet have multiple ways which are provably different to check them.
Finally, for P to be undecidable only means that there is no constructible functions over {P} + {~P} yet, it doesn't mean that adding one as an axiom leads to a contradiction. Just adding that in case it wasn't clear.
Related
Is it possible to rewrite something that uses variables from another scope,
such as a function call that uses a variable from a match, fun, or fix ?
For example,
Theorem foo (f : nat -> nat) (rw : forall x, f x = 5) x : match x with
| 0 => 5
| S a => f a
end = 5.
rewrite rw.
(* Error: Found no subterm matching "f ?M160" in the current goal. *)
destruct x; try rewrite rw; apply eq_refl.
Qed.
So, the theorem is provable, but trying to rewrite rw initially fails,
seemingly because a is in another scope. But, the rewrite applies
unconditionally, so it seems like it should apply there too.
Of course, this is a toy example. Assume that, in a real-world scenario,
getting into the scope is a bit more complicated than just a destruct.
From Rewrite tactic fails to find term occurrence within pattern matching it looks like this isn't possible in Coq. So, is it just that it isn't implemented, or does it cause contradictions or allow for bad behavior like smuggling variables out of their scope?
What about harder cases like fix ?
You have likely heard that the Logic of Coq is not powerful enough to derive functional exensionality.
Now what you prove above is a point wise equality, that is you prove that an applied function has a certain value.
A rewrite in the match would correspond to a proof that two unapplied functions are equal: The original match statement (which is a function of x) and the rewritten match statement (also a function of x). This means you would prove a more general result as intermediate step - and Coq's logic is not able to prove this more general result.
Functional extensionality is compatible with Coq's logic, though. So one can add it as axiom and then one can add some setoid instances which allow to setoid_rewrite under binders. But afaik this does not work for rewrites under matches either.
It would also be possible to detect that in the end you prove a point wise equality, do the destruct behind the scenes, do the point wise rewrite and put things together again, but this would work only in rather trivial cases, which I guess are not sufficiently interesting to implement this.
To close here is an example of proving functional extensionality (suggested by the edit by #scubed) with a rewrite under binders - which is enabled by a global type class instance which is itself based on the functional extensionality axiom. So this proves an axiom with itself and it doesn't help for your match case, but it shows that rewriting under binders is equivalent to functional extensionality.
Require Import PeanoNat.
Require Import Setoid.
Require Import Morphisms.
Definition fun1 (x : nat) := x + 1.
Definition fun2 (x : nat) := 1 + x.
Example Fun1EqFun2: fun1 = fun2.
Proof.
unfold fun1, fun2.
Fail setoid_rewrite Nat.add_comm.
Abort.
Require Import FunctionalExtensionality.
(* This is derived from the error message of setoid_rewrite above *)
Global Instance:
forall (A B : Type),
Proper
(#pointwise_relation A B eq ==>
#pointwise_relation A B eq ==> Basics.flip Basics.impl) eq.
Proof.
(* See what all this Setoid stuff actually means ... *)
unfold Proper, pointwise_relation, respectful, Basics.flip, Basics.impl.
intros A B f g fgeq f' g' fg'eq gg'eq.
apply functional_extensionality.
intros x.
rewrite fgeq, fg'eq, gg'eq.
reflexivity.
Qed.
Theorem eq_arg (A B : Type) (f : A -> B) : f = (fun x => f x). reflexivity. Qed.
Lemma functional_extensionality' :
forall (A B : Type), forall (f g : A -> B),
(forall a : A, (f a) = (g a)) -> f = g.
Proof.
intros.
setoid_rewrite eq_arg at 2.
setoid_rewrite H.
reflexivity.
Qed.
Completely new to coq here.
I know about the exists tactic to prove an existential goal, but in this case it wants a function mapping from two sets. What is the syntax for demonstrating such a function?
And if there is no such function how would I disprove this? (I would suppose through a contradiction, but then how would I pose a contradictory hypothesis?)
Context: Trying to work out the proof that all surjective functions have a right inverse.
1 subgoal
A, B : Set
f : A → B
H : ∀ b : B, ∃ a : A, f a = b
______________________________________(1/1)
∃ g : B → A, ∀ b : B, f (g b) = b
Of course, whether or not a function g exists depends on accepting axiom of choice, so where does that come into coq?
I did find this solution:
https://gist.github.com/pedrominicz/0d9004b82713d9244b762eb250b9c808
and the associated reddit post
https://www.reddit.com/r/logic/comments/fxjypn/what_is_not_constructive_in_this_proof/
But I didn't understand it/didn't work for me.
So, what I want to know is:
How do you specify axiom of choice in coq (to prove/disprove this)?
In general, how would I construct a function to provide witness to an existential goal? (I also want to show that all injective functions have a left inverse)
There are several variants of the axiom of choice in the Coq type theory. You can look at the Coq.Logic.ChoiceFacts module for a reasonably comprehensive list of the various formulations and their relative power.
As far as I can tell, your example is equivalent to the axiom of functional choice. One elegant way to phrase and assume it is the following.
Axiom functional_choice : forall (A : Type) (B : A -> Type),
(forall x : A, inhabited (B x)) -> inhabited (forall x : A, B x).
The inhabited type is an inductive box that hides the computational content of a proof in Type into a Prop value that can only be inspected to produce more Prop values. In particular, This axiom is pretty innocuous from the point of view of computation since it only produces values in Prop. There are much more violently non-computational examples of choice like global choice which can be stated as:
Axiom global_choice : forall (A : Type), inhabited A -> A.
This one allows to extract computational content out of thin air.
Here is an answer that is a complete script (tested with coq 8.13.2). Coq by default does not have the axiom of choice loaded, so you need to say explicitly that you are going to work with it.
Require Import ClassicalChoice.
Lemma question (A B : Set) (f : A -> B) :
(forall b, exists a, f a = b) -> exists g, forall b, f (g b) = b.
Proof.
intros H.
apply (choice (fun y x => f x = y)).
exact H.
Qed.
Given the definition:
Definition cast (a b:Type) (p:a = b) (x:a) : b :=
match p with
| eq_refl _ => x
end.
I was hoping that the following lemma would be provable:
Lemma cast_cast_is_id : forall (a b:Type) (x:a) (p:a = b) (q:b = a),
cast b a q (cast a b p x) = x.
However, I do not seem to be able to carry out a proof for this. I can destruct p successfully, but cannot destruct q after that. Replacing the lemma's statement with eq_sym p instead of arbitrary q does not help me either it seems.
I fear I have unwittingly stumbled into some subtle point of HoTT.
Can anyone prove this lemma or is it known to be unprovable without further axioms?
I am not completely sure, but it seems to me that what you are trying to prove is no different from forall a (p:a=a), p = eq_refl. If so, you cannot prove it in Coq, unless you know something about a, e.g., decidable equality. In that case, you can use the results on UIP (unicity of identity proofs) from the standard library.
I wanted to see a few hands on examples of Coq proofs of the form:
\exists A(x1,...,xn)
essentially where the Goal had an existential quantifier. I was having issues manipulating the goal in meaningful ways to make progress in my proof and wanted to see a few examples of common tactics to manipulate.
What are some good existential quantifiers examples in Coq to prove?
My specific example I had:
Theorem Big_Small_ForwardImpl :
forall (P : Program) (S' : State),
(BigStepR (B_PgmConf P) (B_StateConf S')) -> (ConfigEquivR (S_PgmConf P) (S_BlkConf EmptyBlk S')).
Proof.
intros.
induction P.
unfold ConfigEquivR.
refine (ex_intro _ _ _) .
my context and goals was:
1 subgoal
l : list string
s : Statement
S' : State
H : BigStepR (B_PgmConf (Pgm l s)) (B_StateConf S')
______________________________________(1/1)
exists N : nat, NSmallSteps N (S_PgmConf (Pgm l s)) (S_BlkConf EmptyBlk S')
but then changed to:
1 subgoal
l : list string
s : Statement
S' : State
H : BigStepR (B_PgmConf (Pgm l s)) (B_StateConf S')
______________________________________(1/1)
NSmallSteps ?Goal (S_PgmConf (Pgm l s)) (S_BlkConf EmptyBlk S')
after using the refine (ex_intro _ _ _) tactic. Since I am not sure what is going on I was hoping some simpler examples could show me how to manipulate existential quantifiers in my Coq goal.
helpful comment:
The ?Goal was introduced by Coq as a placeholder for some N that will have to be deduced later in the proof.
The following example is based on the code provided in this answer.
Suppose we have a type T and a binary relation R on elements of type T. For the purpose of this example, we can define those as follows.
Variable T : Type.
Variable R : T -> T -> Prop.
Let us prove the following simple theorem.
Theorem test : forall x y, R x y -> exists t, R x t.
Here is a possible solution.
Proof.
intros. exists y. apply H.
Qed.
Instead of explicitly specifying that y is the element we are looking for, we can rely on Coq's powerful automatic proof mechanisms in order to automatically deduce which variable satisfies R x t:
Proof.
intros.
eexists. (* Introduce a temporary placeholder of the form ?t *)
apply H. (* Coq can deduce from the hypothesis H that ?t must be y *)
Qed.
There exist numerous tactics that make ise of the same automated deduction mechanisms, such as eexists, eapply, eauto, etc.
Note that their names often correspond to usual tactics prefixed with an e.
I've proved an equivalence and_distributes_over_or:
Theorem and_distributes_over_or : forall P Q R : Prop,
P /\ (Q \/ R) <-> (P /\ Q) \/ (P /\ R).
Elsewhere I have a goal of
exists x0 : A, f x0 = y /\ (x = x0 \/ In x0 xs)
(For context I'm working through Logical Foundations; I'm on the In_map_iff exercise of the chapter on constructive logic. Please don't tell me the solution to the exercise though!)
I tried to use rewrite and_distributes_over_or on my goal (to get exists x0 : A, (f x0 = y /\ x = x0) \/ (f x0 = y /\ In x0 xs)). I got an error:
Found no subterm matching "?P /\ (?P0 \/ ?P1)" in the current goal.
Using my human brain I can see what seems to be a very obvious subterm of that form in the goal. Why can't Coq, with its non-human non-brain, see it under the existential quantifier? Do you have any tips to make this work?
I've read a previous question with a similar title to this one but that's about rewriting in hypotheses, not goals, and the answer doesn't appear to be applicable to my situation.
Just use setoid_rewrite instead of rewrite, and make sure to Require Setoid. (though loading List has already done so in this case).
The pattern Coq is looking for is underneath a binder; that is, it's in the body of a function. The binder isn't obvious because it's part of the exists, but your goal is actually ex (fun (x0:A) => f x0 = y /\ (x = x0 \/ In x0 xs)), and Coq's notation mechanism prints it nicely as exists x0, .... The basic rewrite tactic can't do rewrites inside functions, but setoid_rewrite can.
Aside: note that the definition ex and its notation exists x, ... aren't built-in to Coq but are defined in the standard library! You can inspect these sort of things with Locate exists (to find the notation) and Print ex (to view the definition). There's also Unset Printing Notations. if you're not sure what notations are in use, though bear in mind that there are a lot of notations you probably take for granted, like /\, =, and even ->.