Induction.v
Table of Contents
Homepage | Previous: Basics.v | Code | Next: Lists.v
1. Summary
In this chapter we quickly go over proofs by induction. We introduce the induction and assert tactics. Finally, having now been familiar with Coq proofs, we reflect on the differences between formal and informal mathematical proofs.
1.1. Terms
proof by induction, induction tactic, induction hypothesis, principle of induction, sub-theorems, assert tactic, formal proof, informal proof, proofs as communication
2. Proof by Induction: induction tactic
So far, we’ve done proof by simplification, rewriting, case analysis – done using several tactics: reflexivity, simpl, intro, rewrite, destruct.
We have learnt how to close goals by reflexivity, introduce variables and hypotheses, use previous theorems and assumptions, advance the proof by simplifying (computation), and break down goals into subgoals by casing on type constructors.
We have also briefly learned how to unfold, and how to deal with contradictions.
In this chapter, we will learn a classic proof technique: induction.
From the chapter:
Recall (from a discrete math course, probably) the principle of induction over natural numbers: If
P(n)is some proposition involving a natural numbernand we want to show thatPholds for all numbersn, we can reason like this:
- show that
P(O)holds;- show that, for any
n', ifP(n')holds, then so doesP(S n');- conclude that
P(n)holds for alln.In Coq, the steps are the same: we begin with the goal of proving
P(n)for allnand break it down (by applying theinductiontactic) into two separate subgoals: one where we must showP(O)and another where we must showP(n') -> P(S n').
The induction tactic is quite straightforward. It also takes an as annotation - setting the variable names for the “next element” in the inductive step and the induction hypothesis.
Theorem minus_n_n : forall n, minus n n = 0. Proof. intros n. induction n as [| n' IHn']. - simpl. reflexivity. - simpl. rewrite -> IHn'. reflexivity. Qed.
Note that intros n is redundant here - induction n ... already introduces n to the context.
3. Proofs within Proofs: assert tactic
We can use the assert tactic in order to create an anonymous “sub-theorem” within a proof.
This mimics “informal” mathematics, where large proofs are broken into a sequence of theorems – and some of these theorems will be too trivial or of little general interest to bother giving it a name.
Theorem mult_0_plus' : forall n m : nat, (n + 0 + 0) * m = n * m. Proof. intros n m. assert (H: n + 0 + 0 = n). { rewrite add_comm. simpl. rewrite add_comm. reflexivity. }4 rewrite -> H. reflexivity. Qed.
4. assert for smarter rewrites
Too often, rewrite applies rewrites in unintended places.
Here, we want to prove that (n + m) + (p + q) = (m + n) + (p + q). The only difference between the two sides of the = is n + m vs. m + n – it would be enough to use commutativity of addition: add_comm. But there are three uses of + here, and it turns out that rewrite -> add_comm will target the outer + and not what we wanted: (n + m).
To get through this, we use assert to create a local lemma stating that n + m = m + n, and then rewrite the original equation with the lemma.
Theorem plus_rearrange : forall n m p q : nat, (n + m) + (p + q) = (m + n) + (p + q). Proof. intros n m p q. assert (H: n + m = m + n). { rewrite add_comm. reflexivity. } rewrite H. reflexivity. Qed.
5. replace tactic
An alternative to assert is replace.
The
replacetactic allows you to specify a particular subterm to rewrite and what you want it rewritten to:replace (t) with (u)replaces (all copies of) expressiontin the goal by expressionu, and generatest = uas an additional subgoal. This is often useful when a plainrewriteacts on the wrong part of the goal.
6. Formal vs. Informal Proof
Informal proofs are algorithms; formal proofs are code.
What counts as a proof of a mathematical claim?
This has been a question philosophers have been debating - the authors argue that a proof is an act of communication (to instill in the audience the certainty that P is true).
The authors continue the communication analogy:
Authors communicate to their readers. The reader can be a human person, or it could be a program like Coq.
Proofs for humans will be written in natural language, and is therefore informal. Even though such mathematical proofs may be considered “rigorous”, the fact that they are in natural language, which has a lot of ambiguityl, means that such proofs are informal by nature. A formal proof uses formal language, and sticks closely to a well-established syntax and semantics.
There are also different kinds of math readers depending on their expertise. As proofs are an act of communication, and communication depends on context, (informal) proofs can be written in different styles or phrasings to accomodate their audience.
An excerpt for the different kinds of audiences:
(…) A “valid” proof is one that makes the reader believe
P. But the same proof may be read by many different readers, some of whom may be convinced by a particular way of phrasing the argument, while others may not be. Some readers may be particularly pedantic, inexperienced, or just plain thick-headed; the only way to convince them will be to make the argument in painstaking detail. But other readers, more familiar in the area, may find all this detail so overwhelming that they lose the overall thread; all they want is to be told the main ideas, since it is easier for them to fill in the details for themselves than to wade through a written presentation of them.
The following is the most important point about informal proofs.
Ultimately, there is no universal standard, because there is no single way of writing an informal proof that is guaranteed to convince every conceivable reader.
Proofs written for “machines” like Coq, i.e. formal proofs, are mechanically derived from a certain set of formal logical rules (which?), and the proof is a recipe that guides the program in checking this fact.
A formal proof carries in it a mechanical way of verifying that the proof holds.
Formal proofs are useful in many ways, but they tend to not be very efficient ways of communicating ideas between human beings.
From https://en.wikipedia.org/wiki/Proof_theory#Formal_and_informal_proof:
Formal proofs are constructed with the help of computers in interactive theorem proving. Significantly, these proofs can be checked automatically, also by computer. Checking formal proofs is usually simple, whereas finding proofs (automated theorem proving) is generally hard. An informal proof in the mathematics literature, by contrast, requires weeks of peer review to be checked, and may still contain errors.
7. Exercises
7.1. basic_induction
mul_0_r: Proved using induction on `n` and the base case simplifies directly.plus_n_Sm: Used induction on `n` and rewrote the hypothesis to match the goal.add_comm: Inductive proof on `n`, usingplus_n_Smand previously proven results.add_assoc: Used induction on `n` and rewrote the hypothesis.
7.2. double_plus
- Solution: Proved using induction on `n` and simplified by rewriting
plus_n_Sm.
7.3. eqb_refl
- Solution: Induction on `n`, with each case simplifying easily.
7.4. even_S
- Solution: Induction on `n` and used properties of
negbto simplify.
7.5. add_comm_informal
- Solution: Translated the proof of
add_comminto an informal, human-readable format.
7.6. eqb_refl_informal
- Solution: Translated the proof of
eqb_reflinto informal reasoning based on induction.
7.7. add_shuffle3
- Solution: Used
assertto prove a subgoal about commutativity, then rewrote the goal.
7.8. mul_comm
- Solution: Induction on `n` and proved helper lemmas, including a distributive property of multiplication.
7.9. plus_leb_compat_l
- Solution: Induction on `p` and rewriting the hypothesis
n <? m = true= to prove the goal.
7.10. more_exercises
leb_refl: Induction on `n` and simplified using the hypothesis.zero_neqb_S: Simplified directly withdestruct.andb_false_r: Solved usingdestructon the boolean.S_neqb_0: Simplified directly with reflexivity.mult_1_l: Simplified using the properties of addition and multiplication.all3_spec: Proved usingdestructon the booleans to handle cases.left_precedence: Solved using reflexivity.mult_plus_distr_r: Induction on `p` and used helper lemmas about addition and multiplication.mult_assoc: Induction on `n` and usedmult_plus_distr_r.
7.11. add_shuffle3'
- Solution: Used
replaceto rewrite the specific part of the goal and proved the equality.
7.12. TODO binary_commute
- Got stuck with this proof. It might be because I use an auxiliary function for my definition of
bin_to_nat.
7.13. TODO nat_bin_nat
- Did not do, got stuck on
binary_commute.
7.14. TODO bin_nat_bin
- Did not do, got stuck on
binary_commute.
7.15. TODO double_bin
- Did not do, relies on
nat_bin_nat.
8. Exercise Scores
| Name | Points | Notes | Completed? |
|---|---|---|---|
basic_induction |
2 | Especially useful | Yes |
double_plus |
2 | Standard | Yes |
eqb_refl |
2 | Standard | Yes |
even_S |
2 | Optional | Yes |
add_comm_informal |
2 | Advanced | Yes |
eqb_refl_informal |
3 | Optional | Yes |
add_shuffle3 |
3 | Especially useful | Yes |
mul_comm |
2 | Standard | Yes |
plus_leb_compat_l |
3 | Optional | Yes |
more_exercises |
2 | Standard | Yes |
add_shuffle3' |
3 | Optional | Yes |
binary_commute |
3 | Standard, Especially useful | No |
nat_bin_nat |
4 | Standard | No |
bin_nat_bin |
2 | Advanced | No |
double_bin |
2 | Advanced | No |
- Total Points: 27/39
9. Questions
9.1. TODO Induction Hypothesis in Coq vs Informal Proofs
In informal proofs, we can use the induction hypothesis P(k) for any k.
That’s how mathematical induction is formalized.
Why is it in Coq, we can’t use the IH from induction for any k?
Theorem s_add_1 : forall n : nat, S n = n + 1. Proof. intros n. induction n as [| n' IHn' ]. - reflexivity. - (** HERE *) Qed.
Ignore the fact that this is a bad proof. At (** HERE *), the goal is to prove that S(S n) = S n' + 1. We have that IHn' : S n' = n' + 1.
In an informal proof, like 15-150 style, I would go ahead and apply the IH for S n' + 1, by letting n' (in the IH) be S n' , so I get n' + 1 + 1.
In Coq, I would’ve assumed this would be done with rewrite <- IHn'. However, I get:
Error: Found no subterm matching "n' +1" in the current goal.
I know why I get the error. It’s pretty clear - there is no matching subterm.
Why the difference from IH in informal proofs vs Coq?
10. Metacognition
The chapter was pretty straightforward. I like the section on formal versus informal proofs. I like reading about metamathematics.
This book, and the course infrastructure, is excellent. There’s a pretty book online, but the better way to learn is by going through the Coq files - the book is derived from the Coq files which have comments.
The exercise notes were created by LLM this time, and so were the exercise scores. I don’t think I lose much by doing so – because if there was something particularly note-worthy about the exercise, I would write it down myself.
The generated notes are still useful for reference.
11. Further Knowledge
The discussion on formal vs informal proofs reminds me of de Bruijn’s vision for the Automath project, which I have written about before. Well, it reminds me of the linguistic turn and analytic philosophy and so on. The Logicomix story.