Simplifying Rational Expressions and Proving Trivial Rational Equivalences in Coq - coq

Which tactics can I use to perform simplifications of rational expressions and prove trivial rational equivalences as shown in the following example?
Require Import Coq.QArith.QArith.
Open Scope Q_scope.
Lemma Example : (0 + 0) / 1 == 0.

I don't know much about rationals in Coq, but if their implementation is constructive, you'll be able to simplify such expressions using simpl (you might need to first unfold some definitions) or compute. Since reflexivity is done modulo conversion, it should also solve such goals.
However, you might have trouble simplifying expressions with free variables (for example, that forall q:Q, (q + 0) / 1 = q).
Maybe there's a tactic like omega dedicated to this task. You could maybe try with ring or lia.

Related

How to deal with division in COQ?

How to deal with the division in a goal?
Because I have a goal which is clearly true... However I cannot use lia and I think that this is related to the division.
2 ^ k / 2 ≤ 2 ^ k
Below is my COQ screen:
There is no automation for division on naturals - they don't even form a field. But the corresponding lemmas are not hard to find with Search:
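Require Import NArith.
Require Import Lia.
Open Scope N_scope.
Goal forall k:N, 2 ^ k / 2 <= 2 ^ k.
Proof.
intros k.
(* Look up the available division lemmas. *)
Search (?a/?b <= ?a/?c).
Search (_/1).
(* Introduce a division by 1 so that N.div_le_compat_l applies. *)
rewrite <- N.div_1_r.
apply N.div_le_compat_l.
(* The remaining side condition on the divisors is linear. *)
lia.
Qed.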
If you have really complicated terms, you can embed the goal into reals using floor (a/b) for integer a/b and then use coq-interval. The embedding is easy to automate and coq-interval is quite powerful for proving real inequalities, but it might choke if you have more than a few floors. You can combine it with coq-gappa then to get rid of the floors. It gets quite involved then, but still fully automated. But be aware that it might not be able to prove very tight inequalities, since it uses real analysis.
Nia (Require Import Psatz), as suggested by Ana, can't solve this (and I honestly stopped trying it).
Division on natural numbers is not as easy to manage as on rationals or reals (think 1 / 3). One way out of this could be to try to reframe your constraints with multiplication instead; for instance, n < m / p can sometimes be handled as n * p < m. Otherwise, using a library for rationals could be a solution.

Is there any way to rewrite the function in "is_lim"?

I'm using Coq and the Coquelicot library, and I'd like to know a better way to handle limits easily.
When I want to prove \lim_{x \to 1} (x^2-1)/(x-1) = 2, I code as follows.
Require Import Reals Lra.
From mathcomp Require Import all_ssreflect.
From Coquelicot Require Import Coquelicot.
Lemma lim_1_2 : is_lim (fun x:R => (x^2 - 1)/(x - 1)) 1 2.
Proof.
apply (is_lim_ext_loc (fun x:R => x + 1)).
- rewrite /Rbar_locally' /locally' /within /locally.
exists (mkposreal 1 Rlt_0_1).
move => y Hyball Hyneq1.
field; lra.
- apply is_lim_plus'; [apply is_lim_id | apply is_lim_const].
Qed.
In this example, I explicitly write the goal term (fun x:R => x + 1). Is there any way to transform (fun x:R => (x^2 - 1)/(x - 1)) to (fun x:R => x + 1) like rewrite tactic? In other words, I'm looking for a similar tactic as under for eq_big_nat.
Coquelicot is optimized for ease of use and uses total functions rather than dependent restrictions wherever possible - e.g. you can write down an integral without having a proof that it exists, but as far as I know this does not extend to division by zero. To make your above equation work, one would need a definition of division, which somehow can handle the 0/0 you get for x=1. One can define a division for functions (polynomials) which can handle this in a reasonable way - and this is what you are using implicitly by stating that this makes sense, but one cannot define division for individual real numbers which can handle 0/0 in the way you would like. But the division operator you use above is a division on individual numbers and not on polynomials. In informal mathematics one is sometimes a bit sloppy about such things.
Besides the 0/0 issue, you also would have to use the axiom of functional extensionality, which states that two functions are equal in case they are equal for each point.
Here is a snippet of Coq which shows what can be done and where the issues are:
Require Import Reals.
Require Import Lra.
Require Import FunctionalExtensionality.
Open Scope R.
Definition dom := {x : R | x<>1}.
Definition dom2R (x : dom) : R := proj1_sig x.
Coercion dom2R : dom >-> R.
Example Example:
(fun x : dom => (x^2 - 1)/(x - 1))
= (fun x : dom => x + 1).
Proof.
apply functional_extensionality.
intros [x xH].
cbv.
field.
lra.
Qed.
All in all it is not that bad with the implicit coercion from dom to Real, although the function is in reality more complicated than it looks since each x is an implicit coercion projecting from dom to R.
Also one could have an axiom of functional extensionality, which works if the domain of one function is a subset of the domain of the other function. I am not sure if this would be consistent, though and it would also require a non standard definition of equality because with the usual equality only things of the same type can be equal. This would allow you to equate the polynomial fraction with the polynomial on the full R.
I hope this explains why things are as they are. Coquelicot relies on the division operator from the standard library, for which you can't prove anything in case the denominator is zero. This is sometimes inconvenient, but to my knowledge (which is not very extensive - I am a physicist, not a mathematician) up to now nobody came up with a definition of division which allows you to easily do what you want.

Reusing lia tactic to prove decidability

I have an abstract syntax for Presburger arithmetic, along with a fixpoint function determining a given formula's propositional denotation (you can see it here: https://gist.github.com/d4hines/d9a0c674f324cab46d2cf0967bde1ac3).
I'd like to prove that the truth value of any given formula is decidable. Since it's Presburger arithmetic, I know it must be decidable. I've heard that the decision procedures for Presburger arithmetic are very complicated. I'd like to reuse the existing one in Coq.
How can I do this?
Thanks!
There are a few reasons why lia will not be of great help to you.
A small true goal like exists x : Z, 2 < x < 4 is not solved by lia: this tactic is not complete for Presburger arithmetic.
Even if lia was complete for Presburger, it would act as an oracle: giving you an answer every time you need one for a true formula. But when presented with a false formula, lia only says to Coq I can't do it, it does not say I have a proof that this can't be done. In other words, the information that a proof procedure is complete may not be stored in the Coq system as a Coq readable proof.

Injectivity of successor of natural numbers in Coq

I am a little confused whether the injectivity of the successor function defined on natural numbers in Coq is an axiom? According to Wikipedia/Peano axioms, it is an axiom (7). When I look at Coq.Init.Peano manual page I see the following:
Definition eq_add_S n m (H: S n = S m): n = m := f_equal pred H.
Hint Immediate eq_add_S: core.
and it looks like an axiom (?) but what confused me was that in the top of that page it said:
It states various lemmas and theorems about natural numbers, including Peano's axioms of arithmetic (in Coq, these are provable)
This sentence is a bit ambiguous no?
The command you saw is actually a proof of the injectivity of the S constructor. More precisely, it says that the successor function is injective because it has an inverse: the predecessor function (pred). (In Coq, axioms are generally introduced with the keyword Axiom.)
You seem to be confused by what I think are two related senses of the word "axiom." The broader sense in logic is that of a "starting point of reasoning" (Wikipedia). The narrower sense is that of an assertion that is taken for granted in a deductive system without further proof. In Peano arithmetic, Peano's axioms are axioms in both senses of the word, since they are primitive. In Coq, ZFC set theory, and other systems, they can be proved from more elementary facts.
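The point made in the answer above can be checked directly. The following is an added example, not part of the original posts: it proves three of Peano's axioms as theorems about the inductive type nat and asks Coq which axioms the proofs rely on. The theorem names (succ_injective, zero_not_succ, peano_induction) are chosen here for illustration.

```coq
(* Added example: Peano's axioms as theorems about the inductive type nat. *)

(* Injectivity of S, by the same argument as eq_add_S:
   apply pred to both sides of the equation. *)
Theorem succ_injective : forall n m : nat, S n = S m -> n = m.
Proof.
  intros n m H.
  apply (f_equal pred) in H.   (* H : pred (S n) = pred (S m) *)
  simpl in H.                  (* H : n = m *)
  exact H.
Qed.

(* The same fact through the injection tactic, which derives it
   from the constructor S itself. *)
Theorem succ_injective' : forall n m : nat, S n = S m -> n = m.
Proof.
  intros n m H.
  injection H as H'.
  exact H'.
Qed.

(* 0 is not a successor: distinct constructors are never equal. *)
Theorem zero_not_succ : forall n : nat, 0 <> S n.
Proof.
  intros n H.
  discriminate H.
Qed.

(* Induction is the elimination principle Coq generates for nat. *)
Theorem peano_induction :
  forall P : nat -> Prop,
    P 0 -> (forall n, P n -> P (S n)) -> forall n, P n.
Proof.
  intros P H0 HS n.
  induction n as [| n IH].
  - exact H0.
  - apply HS. exact IH.
Qed.

(* Each command lists the axioms the named proof depends on. *)
Print Assumptions succ_injective.
Print Assumptions zero_not_succ.
Print Assumptions peano_induction.
```

None of these proofs uses the Axiom keyword, which is the narrower sense of "axiom" the answer distinguishes.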

Is Z.le as defined in the standard library proof irrelevant?

In the Coq standard library, there is an enumerated type called comparison with three elements Eq,Lt,Gt. This is used to define the less-than or less-than-or-equal operators in ZArith: m < n is defined as m ?= n = Lt and m <= n is defined as m ?= n <> Gt. By virtue of Hedberg's theorem (UIP_dec in the standard library) I can prove that < is proof-irrelevant, but I run into issues when it comes to <=, since it is defined negatively. I find this particularly annoying, since if <= were defined in the, IMO, more natural way (m ?= n = Lt \/ m ?= n = Eq) I would be able to prove proof-irrelevance just fine.
Context: I'm using some previously written Coq files where the author uses proof irrelevance as a global axiom to avoid bringing in setoids, and for aesthetic reasons I would prefer to do without axioms. It seems then to me that my options are:
Hope that ultimately Z.le as currently defined is still proof-irrelevant
Use my own definition(s) so that proof irrelevance is provable (less satisfying since I'd like to stick to the standard library as much as possible)
Rework things with setoids
No, this is not provable in Coq. It depends on the axiom of function extensionality, which says that (forall x, f x = g x) -> f = g. It's quite easy to prove that all negations are proof irrelevant under this assumption (since False is proof irrelevant), and quite impossible to prove that any negations are proof irrelevant without it.
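The contrast between < and <= described in the question and the answer above, as an added example that is not part of the original posts. It proves proof irrelevance for Z.lt with UIP_dec and no axioms, and for Z.le only after importing functional extensionality; the lemma names (cmp_eq_dec, Zlt_irrel, neg_irrel, Zle_irrel) are chosen here for illustration.

```coq
Require Import ZArith Eqdep_dec FunctionalExtensionality.
Open Scope Z_scope.

(* comparison has decidable equality, which is what UIP_dec needs. *)
Lemma cmp_eq_dec : forall x y : comparison, {x = y} + {x <> y}.
Proof. decide equality. Qed.

(* m < n unfolds to (m ?= n) = Lt: an equality in a decidable type,
   so Hedberg's theorem (UIP_dec) applies without any axiom. *)
Lemma Zlt_irrel : forall (m n : Z) (p q : m < n), p = q.
Proof.
  intros m n p q.
  unfold Z.lt in *.
  apply UIP_dec.
  exact cmp_eq_dec.
Qed.

(* With functional extensionality, two proofs of a negation are equal:
   both are functions into False, and False has no inhabitants. *)
Lemma neg_irrel : forall (P : Prop) (p q : ~ P), p = q.
Proof.
  intros P p q.
  unfold not in *.
  apply functional_extensionality.
  intros x.
  destruct (p x).
Qed.

(* m <= n unfolds to (m ?= n) <> Gt, a negation, so neg_irrel applies. *)
Lemma Zle_irrel : forall (m n : Z) (p q : m <= n), p = q.
Proof.
  intros m n p q.
  unfold Z.le in *.
  apply neg_irrel.
Qed.

(* Lists the axioms each proof depends on. *)
Print Assumptions Zlt_irrel.
Print Assumptions Zle_irrel.
```

Zlt_irrel is axiom-free, while Zle_irrel depends on the functional extensionality axiom from the standard library.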