(** * Logic: Logic in Coq *) Set Warnings "-notation-overridden,-parsing". Set Warnings "-deprecated-hint-without-locality". Require Nat. From LF Require Export Tactics. Check (fun (m n : nat) => m = n). Check (fun (P Q : Prop) => P -> Q). Check (fun (n : nat) => n = 2). Check (forall n m : nat, n + m = m + n) : Prop. Check 2 = 2 : Prop. Check 3 = 2 : Prop. Check forall n : nat, n = 2 : Prop. Theorem plus_2_2_is_4 : 2 + 2 = 4. Proof. reflexivity. Qed. Definition plus_claim : Prop := 2 + 2 = 4. Check plus_claim : Prop. Theorem plus_claim_is_true : plus_claim. Proof. unfold plus_claim. simpl. reflexivity. Qed. Definition is_three (n : nat) : Prop := n = 3. Check is_three : nat -> Prop. Definition injective {A B} (f : A -> B) := forall x y : A, f x = f y -> x = y. Lemma succ_inj : injective S. Proof. intros n m H. injection H as H1. apply H1. Qed. (** [a = b] is notation for [eq a b] *) Check @eq : forall A : Type, A -> A -> Prop. (* ################################################################# *) (** * Logical Connectives *) (* ================================================================= *) (** ** Conjunction *) Example and_example : 3 + 4 = 7 /\ 2 * 2 = 4. Proof. split. - (* 3 + 4 = 7 *) reflexivity. - (* 2 * 2 = 4 *) reflexivity. Qed. Check @conj : forall A B : Prop, A -> B -> A /\ B. Example and_example' : 3 + 4 = 7 /\ 2 * 2 = 4. Proof. apply conj. - (* 3 + 4 = 7 *) reflexivity. - (* 2 + 2 = 4 *) reflexivity. Qed. (** **** Exercise: *) Example and_exercise : forall n m : nat, n + m = 0 -> n = 0 /\ m = 0. Proof. (* FILL IN HERE *) Admitted. (** [] *) Lemma and_example2 : forall n m : nat, n = 0 /\ m = 0 -> n + m = 0. Proof. intros n m H. destruct H as [Hn Hm]. rewrite Hn. rewrite Hm. reflexivity. Qed. Lemma and_example2' : forall n m : nat, n = 0 /\ m = 0 -> n + m = 0. Proof. intros n m [Hn Hm]. rewrite Hn. rewrite Hm. reflexivity. Qed. (** P /\ Q -> R P -> Q -> R *) Lemma and_example2'' : forall n m : nat, n = 0 -> m = 0 -> n + m = 0. Proof. intros n m Hn Hm. rewrite Hn. rewrite Hm. reflexivity. Qed. Lemma proj1 : forall P Q : Prop, P /\ Q -> P. Proof. intros P Q HPQ. destruct HPQ as [HP _]. apply HP. Qed. (** **** Exercise: *) Lemma proj2 : forall P Q : Prop, P /\ Q -> Q. Proof. (* FILL IN HERE *) Admitted. (** [] *) Theorem and_commut : forall P Q : Prop, P /\ Q -> Q /\ P. Proof. intros P Q [HP HQ]. split. - (* left *) apply HQ. - (* right *) apply HP. Qed. (** **** Exercise: *) Theorem and_assoc : forall P Q R : Prop, P /\ (Q /\ R) -> (P /\ Q) /\ R. Proof. intros P Q R [HP [HQ HR]]. (* FILL IN HERE *) Admitted. (** [] *) Check and : Prop -> Prop -> Prop. (* ================================================================= *) (** ** Disjunction *) Check or. Check (fun P Q => P \/ Q). Lemma factor_is_O: forall n m : nat, n = 0 \/ m = 0 -> n * m = 0. Proof. intros n m H. destruct H as [Hn | Hm]. - (* Here, [n = 0] *) rewrite Hn. reflexivity. - (* Here, [m = 0] *) rewrite Hm. rewrite <- mult_n_O. reflexivity. Qed. Lemma or_intro_l : forall A B : Prop, A -> A \/ B. Proof. intros A B HA. left. apply HA. Qed. Lemma zero_or_succ : forall n : nat, n = 0 \/ n = S (pred n). Proof. intros [|n']. - left. reflexivity. - right. reflexivity. Qed. (** **** Exercise: *) Lemma mult_is_O : forall n m, n * m = 0 -> n = 0 \/ m = 0. Proof. (* FILL IN HERE *) Admitted. (** [] *) (** **** Exercise: *) Theorem or_commut : forall P Q : Prop, P \/ Q -> Q \/ P. Proof. (* FILL IN HERE *) Admitted. (** [] *) (* ================================================================= *) (** ** Falsehood and Negation *) Module NotPlayground. Definition not (P:Prop) := P -> False. Check not : Prop -> Prop. Notation "~ x" := (not x) : type_scope. End NotPlayground. Theorem ex_falso_quodlibet : forall (P:Prop), False -> P. Proof. intros P contra. destruct contra. Qed. (** **** Exercise: *) Theorem not_implies_our_not : forall (P:Prop), ~ P -> (forall (Q:Prop), P -> Q). Proof. (* FILL IN HERE *) Admitted. (** [] *) (** Notation "x <> y" := (~(x = y)). *) Theorem zero_not_one : 0 <> 1. Proof. unfold not. intros contra. discriminate contra. Qed. Theorem not_False : ~ False. Proof. unfold not. intros H. destruct H. Qed. Theorem contradiction_implies_anything : forall P Q : Prop, (P /\ ~P) -> Q. Proof. intros P Q [HP HNA]. unfold not in HNA. apply HNA in HP. destruct HP. Qed. (** Exercise: *) Theorem double_neg : forall P : Prop, P -> ~~P. Proof. (* FILL IN HERE *) Admitted. (** **** Exercise: *) Theorem contrapositive : forall (P Q : Prop), (P -> Q) -> (~Q -> ~P). Proof. (* FILL IN HERE *) Admitted. (** [] *) (** **** Exercise: *) Theorem not_both_true_and_false : forall P : Prop, ~ (P /\ ~P). Proof. (* FILL IN HERE *) Admitted. (** [] *) Theorem not_true_is_false : forall b : bool, b <> true -> b = false. Proof. intros b H. destruct b eqn:HE. - (* b = true *) unfold not in H. apply ex_falso_quodlibet. apply H. reflexivity. - (* b = false *) reflexivity. Qed. Theorem not_true_is_false' : forall b : bool, b <> true -> b = false. Proof. intros [] H. (* note implicit [destruct b] here *) - (* b = true *) unfold not in H. exfalso. (* <=== *) apply H. reflexivity. - (* b = false *) reflexivity. Qed. (* ================================================================= *) (** ** Truth *) Lemma True_is_true : True. Proof. apply I. Qed. Definition disc_fn (n: nat) : Prop := match n with | O => True | S _ => False end. Theorem disc_example : forall n, ~ (O = S n). Proof. intros n H1. assert (H2 : disc_fn O). { simpl. apply I. } rewrite H1 in H2. simpl in H2. apply H2. Qed. (* ================================================================= *) (** ** Logical Equivalence *) Module IffPlayground. Definition iff (P Q : Prop) := (P -> Q) /\ (Q -> P). Notation "P <-> Q" := (iff P Q) (at level 95, no associativity) : type_scope. End IffPlayground. Lemma not_true_iff_false : forall b, b <> true <-> b = false. Proof. intros b. split. - (* -> *) apply not_true_is_false. - (* <- *) intros H. rewrite H. intros H'. discriminate H'. Qed. Lemma apply_iff_example1: forall P Q R : Prop, (P <-> Q) -> (Q -> R) -> (P -> R). intros P Q R Hiff H HP. apply H. apply Hiff. apply HP. Qed. Lemma apply_iff_example2: forall P Q R : Prop, (P <-> Q) -> (P -> R) -> (Q -> R). intros P Q R Hiff H HQ. apply H. apply Hiff. apply HQ. Qed. (** **** Exercise: Using the above proof that [<->] is symmetric ([iff_sym]) as a guide, prove that it is also reflexive and transitive. *) Theorem iff_refl : forall P : Prop, P <-> P. Proof. (* FILL IN HERE *) Admitted. Theorem iff_trans : forall P Q R : Prop, (P <-> Q) -> (Q <-> R) -> (P <-> R). Proof. (* FILL IN HERE *) Admitted. (** [] *) (* ================================================================= *) (** ** Setoids and Logical Equivalence *) From Coq Require Import Setoids.Setoid. Lemma mul_eq_0 : forall n m, n * m = 0 <-> n = 0 \/ m = 0. Proof. Admitted. Theorem or_assoc : forall P Q R : Prop, P \/ (Q \/ R) <-> (P \/ Q) \/ R. Proof. Admitted. Lemma mul_eq_0_ternary : forall n m p, n * m * p = 0 <-> n = 0 \/ m = 0 \/ p = 0. Proof. intros n m p. rewrite mul_eq_0. rewrite mul_eq_0. rewrite or_assoc. reflexivity. Qed. (* ================================================================= *) (** ** Existential Quantification *) (** To prove [exists x, P], 1. provide a suitabe x 2. show that P holds for your choice of x *) Definition Even x := exists n : nat, x = double n. Lemma four_is_Even : Even 4. Proof. unfold Even. exists 2. reflexivity. Qed. Theorem exists_example_2 : forall n, (exists m, n = 4 + m) -> (exists o, n = 2 + o). Proof. intros n [m Hm]. (* note the implicit [destruct] here *) exists (2 + m). apply Hm. Qed. (** **** Exercise: Prove that "[P] holds for all [x]" implies "there is no [x] for which [P] does not hold." (Hint: [destruct H as [x E]] works on existential assumptions!) *) Theorem dist_not_exists : forall (X:Type) (P : X -> Prop), (forall x, P x) -> ~ (exists x, ~ P x). Proof. (* FILL IN HERE *) Admitted. (** [] *) (* ################################################################# *) (** * Programming with Propositions *) Fixpoint In {A : Type} (x : A) (l : list A) : Prop := match l with | [] => False | x' :: l' => x' = x \/ In x l' end. Example In_example_1 : In 4 [1; 2; 3; 4; 5]. Proof. simpl. right. right. right. left. reflexivity. Qed. Example In_example_2 : forall n, In n [2; 4] -> exists n', n = 2 * n'. Proof. simpl. intros n [H | [H | []]]. - exists 1. rewrite <- H. reflexivity. - exists 2. rewrite <- H. reflexivity. Qed. Theorem In_map : forall (A B : Type) (f : A -> B) (l : list A) (x : A), In x l -> In (f x) (map f l). Proof. intros A B f l x. induction l as [|x' l' IHl']. - (* l = nil, contradiction *) simpl. intros []. - (* l = x' :: l' *) simpl. intros [H | H]. + rewrite H. left. reflexivity. + right. apply IHl'. apply H. Qed. (* ################################################################# *) (** * Applying Theorems to Arguments *) Check plus : nat -> nat -> nat. Check @rev : forall X, list X -> list X. Check add_comm : forall n m : nat, n + m = m + n. Lemma add_comm3 : forall x y z, x + (y + z) = (z + y) + x. Proof. intros x y z. rewrite add_comm. rewrite add_comm. (* We are back where we started... *) Abort. Lemma add_comm3_take2 : forall x y z, x + (y + z) = (z + y) + x. Proof. intros x y z. rewrite add_comm. assert (H : y + z = z + y). { rewrite add_comm. reflexivity. } rewrite H. reflexivity. Qed. Lemma add_comm3_take3 : forall x y z, x + (y + z) = (z + y) + x. Proof. intros x y z. rewrite add_comm. rewrite (add_comm y z). reflexivity. Qed. (** Please look at the other examples in this chapter yourselves *) (* ################################################################# *) (** * Working with Decidable Properties *) (** Key differences between [bool] and [Prop]: bool Prop ==== ==== decidable? yes no useable with match? yes no works with rewrite tactic? no yes *) (** Since [Prop] includes _both_ decidable and undecidable properties, we have two choices when we want to formalize a property that happens to be decidable: we can express it either as a boolean computation or as a function into [Prop]. *) Example even_42_bool : even 42 = true. Proof. reflexivity. Qed. Example even_42_prop : Even 42. Proof. unfold Even. exists 21. reflexivity. Qed. (** They coincide! *) Lemma even_double : forall k, even (double k) = true. Proof. intros k. induction k as [|k' IHk']. - reflexivity. - simpl. apply IHk'. Qed. Lemma even_double_conv : forall n, exists k, n = if even n then double k else S (double k). Proof. (** Try at home! *) Admitted. Theorem even_bool_prop : forall n, even n = true <-> Even n. Proof. intros n. split. - intros H. destruct (even_double_conv n) as [k Hk]. rewrite Hk. rewrite H. exists k. reflexivity. - intros [k Hk]. rewrite Hk. apply even_double. Qed. (** The boolean computation [even n] is _reflected_ in the proposition [exists k, n = double k]. *) Theorem eqb_eq : forall n1 n2 : nat, n1 =? n2 = true <-> n1 = n2. Proof. intros n1 n2. split. - apply eqb_true. - intros H. rewrite H. rewrite eqb_refl. reflexivity. Qed. (** Which one to use: boolean- or Prop-valued functions? *) Fail Definition is_even_prime n := if n = 2 then true else false. Definition is_even_prime n := if n =? 2 then true else false. (** _Proof by reflection_ *) Example even_1000 : Even 1000. Proof. unfold Even. exists 500. reflexivity. Qed. Example even_1000' : even 1000 = true. Proof. reflexivity. Qed. Example even_1000'' : Even 1000. Proof. apply even_bool_prop. reflexivity. Qed. Example not_even_1001 : even 1001 = false. Proof. reflexivity. Qed. (** Easier to prove via reflection *) Example not_even_1001' : ~(Even 1001). Proof. rewrite <- even_bool_prop. unfold not. simpl. intro H. discriminate H. Qed. Lemma plus_eqb_example : forall n m p : nat, n =? m = true -> n + p =? m + p = true. Proof. intros n m p H. rewrite eqb_eq in H. rewrite H. rewrite eqb_eq. reflexivity. Qed. (** **** Exercise: The following theorem is an alternate "negative" formulation of [eqb_eq] that is more convenient in certain situations. Hint: [not_true_iff_false]. *) Theorem eqb_neq : forall x y : nat, x =? y = false <-> x <> y. Proof. (* FILL IN HERE *) Admitted. (** [] *) (* ################################################################# *) (** * The Logic of Coq *) (* ================================================================= *) (** ** Functional Extensionality *) Example function_equality_ex1 : (fun x => 3 + x) = (fun x => (pred 4) + x). Proof. reflexivity. Qed. (** In common mathematical practice, two functions [f] and [g] are considered equal if they produce the same output on every input: (forall x, f x = g x) -> f = g This is known as the principle of _functional extensionality_. *) Example function_equality_ex2 : (fun x => plus x 1) = (fun x => plus 1 x). Proof. Fail reflexivity. (* Stuck *) Abort. (** However, if we like, we can add functional extensionality to Coq's core using the [Axiom] command. *) Axiom functional_extensionality : forall {X Y: Type} {f g : X -> Y}, (forall (x:X), f x = g x) -> f = g. Example function_equality_ex2 : (fun x => plus x 1) = (fun x => plus 1 x). Proof. apply functional_extensionality. intros x. apply add_comm. Qed. Print Assumptions function_equality_ex2. (* ================================================================= *) (** ** Classical vs. Constructive Logic *) Definition excluded_middle := forall P : Prop, P \/ ~ P. Theorem restricted_excluded_middle : forall P b, (P <-> b = true) -> P \/ ~ P. Proof. intros P [] H. - left. rewrite H. reflexivity. - right. rewrite H. intros contra. discriminate contra. Qed. Theorem restricted_excluded_middle_eq : forall (n m : nat), n = m \/ n <> m. Proof. intros n m. apply (restricted_excluded_middle (n = m) (n =? m)). symmetry. apply eqb_eq. Qed.