coq


Proof on booleans, false = true


I currently am at chapter 5 of "Software foundations" but felt the need to get back to chapter one to clarify a couple of things. In particular there is an exercise I did not quite digested, in which we are asked to use destruct twice to prove a result on booleans. Here it is with names and other details changed.
Inductive bool: Type :=
|true: bool
|false: bool.
Definition fb (b1:bool) (b2:bool) : bool :=
match b1, b2 with
| false, false => false
| _, _ => true
end.
Theorem th: forall a b: bool,
fb a b = false -> b = false.
Proof.
intros [] [] H.
- rewrite <- H. reflexivity.
- reflexivity.
- rewrite <- H. reflexivity.
- reflexivity.
Qed.
When at the first tick, context and goal are both nonsense:
H : fb true true = false
______________________________________(1/1)
true = false
Second tick the hypothesis is false. Third tick is same kind of nonsense as first one. Only fourth tick is reasonable with:
H : fb false false = false
______________________________________(1/1)
false = false
I understand that by the rewrite rules, all these things do work. However I have the impression we are quitting the narrow path of truth for the wilderness of falsity. More precisely, and AFAIK, a false hypothesis can be made to prove ANY statement, true or false. Here we use it to prove that false = true, OK why not, but still that makes me feel somewhat uncomfortable. I would not have expected a proof assistant to allow this.
Elaborating a bit
In a typical proof by contradiction, I would pick an hypothesis at random, and derive the goal till I find either a tautology or a contradiction. I would then conclude whether my hypothesis was true or false.
What happens here, in cases 1 (same for case 3), Coq starts from an hypothesis that is false:
H : fb true true = false
applies it to a goal that is a contradiction:
true = false
and combines them to find a tautology.
That is not a way of reasoning I am aware of. That recalls student 'jokes' where starting with 0=1 any absurd result on natural numbers can be proven.
Followup
So this morning during my commute I was thinking about what I had just written above. I now believe that cases 1 and 3 are proper proofs by contradiction. Indeed H is false and we use it to prove a goal that is a false. Hypotheses (values of a and b) have to be rejected. What may have confused me is that using rewrite we are doing part of the way "backward", starting from the goal.
I am a bit undecided for case 2, which reads:
H : fb true false = false
______________________________________(1/1)
false = false
which is basically false -> true, a tautology under the "principle of explosion". I would not think that could be used so directly in a proof.
Oh well, not sure I completely understood what's under the hood, but trust in Coq is untouched. Gotta go on and return to chapter 5. Thanks all for your comments.
First of all, thanks for providing a self-contained code.
I understand your uneasiness proving a goal using rewrite when you know that what you really ought to do is to derive a contradiction from the hypotheses. That does not make the reasoning incorrect though. It is true that under such assumptions you can prove this goal.
However I also think that this does not make the proof script really readable. In your example, you are considering all possible cases and it happens that three out of these four are impossible. When we read your proof we cannot see that. To make it clear that you are in an impossible case, there are a few tactic which are useful to say "look, I am now going to prove a contradiction to rule out this case".
One of them is exfalso. It will replace the current goal by False (since anything can be derived from False, as mentioned by #ejgallego in a comment).
A second one is absurd to say "I am now going to prove some statement and its negation" (this is basically equivalent to proving False).
A third one which is enough in your case is discriminate. It tries to find in the hypotheses a contradictory equality, such as true = false.
Theorem th: forall a b: bool,
fb a b = false -> b = false.
Proof.
intros [] [] H.
- discriminate.
- discriminate.
- discriminate.
- reflexivity.
Qed.
Now, just so you know, discriminate and reflexivity are both tried by the easy tactic. Thus the following proof will work as well (but it does not show what is going on and thus falls out of the scope of this question):
Theorem th: forall a b: bool,
fb a b = false -> b = false.
Proof.
intros [] [] H; easy.
Qed.
and this is syntactic sugar for the same proof:
Theorem th: forall a b: bool,
fb a b = false -> b = false.
Proof.
now intros [] [] H.
Qed.

Related Links

Coq: remove constructor from both sides of goal
Split conjunction goal into subgoals
Idiomatically expressing “The Following Are Equivalent” in Coq
What are the possible ways to define parallel composition in Coq apart from using list?
Defining a finite automata Coq
Proving even + even = even with mutual induction using tactics
Rewriting hypothesis with a more concrete expression
Coq rewriting using lambda arguments
How to rewrite a goal using function definition?
coqtop -lv (version 8.6) no longer displaying proof subgoals?
Coq beginner - Prove a basic lemma
How to do induction differently?
Is is possible to implement a Coq tactic that inspects a HintDb? If so, how?
Need help on proving proposition in Coq
Folding back after unfolding
Could coq derive this solution automatically? Can coq manipulate algebraic expressions when performing the search for a proof?

Categories

HOME
sendgrid
winforms
client
asp.net-core
coq
netsuite
netbeans
urbancode
c#-4.0
syntax
cplex
webstorm
rsync
leon
electronics
win32gui
constraint-programming
podio
slurm
rascal
postgres-xl
google-cloud-spanner
zend-framework3
php-7.1
windows-azure-storage
spring-tool-suite
vb.net-2010
visual-studio-2005
fallback
django-simple-history
fatal-error
google-static-maps
firefox-webextensions
captiveportal
php-openssl
rundeck
bootstrap-duallistbox
kannel
react-css-modules
google-cloud-nl
srcset
madlib
phonegap
vsts-build-task
hybridauth
form-data
ghost4j
rotational-matrices
amazon-kinesis-kpl
gesture
xenforo
elasticsearch-plugin
bootstrapper
mesos-chronos
ensembles
sfdc
janrain
midl
qwt
hibernate-tools
multipeer-connectivity
celery-task
ionicons
statsd
feeds
django-scheduler
wdf
elements
url-masking
login-control
measures
thrust
contact-list
fadeout
rhino-servicebus
ptrace
natvis
unity-networking
r-tree
jms2
retina
spidermonkey
dukescript
muse
0xdbe
appfabric-cache
iiviewdeckcontroller
pick
heisenbug
braille
jboss-weld
balanced-payments
ms-project-server-2010
runtime.exec
eclipse-memory-analyzer
isnullorempty
quickdialog
rdoc
gdata-api
removeclass
boost-filesystem
data-loss
locationlistener
self-extracting
mysql-error-1005
html-input
paster
web-application-design
suppress
jquery-ui-droppable
forums
putchar
misv
ntvdm.exe

Resources

Mobile Apps Dev
Database Users
javascript
java
csharp
php
android
MS Developer
developer works
python
ios
c
html
jquery
RDBMS discuss
Cloud Virtualization
Database Dev&Adm
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App