I've been stuck on a particular predicate logic problem (using Coq) for a long time. I've solved 30-40 predicate logic problems already but with this one I just can't figure it out.
This is the problem:
~all x, (P(x) / (Q(x) -> T(x))) -> ~all x, T(x).
Or in box form
Can anyone send me in the right direction? Thanks!
Edit:
This is the coq code for the problem:
Variables P Q T : D -> Prop.
Theorem pred_015 : ~all x, (P(x) \/ (Q(x) -> T(x))) -> ~all x, T(x).
Proof.
imp_i H.
Qed.
It looks to me like your are using some very old version of Coq.
After adding a missing declaration for D, and replacing all with forall, we get a statement that does not look provable.
However, if I had a set of parentheses, I get a goal that is now provable. See the following code:
Variable D : Set.
Variables P Q T : D -> Prop.
Theorem pred_015 : (~forall x, (P(x) \/ (Q(x) -> T(x)))) -> ~forall x, T(x).
Proof.
Now, I don't think I should be giving the solution to this here, in public, but it's quite easy if you remember that ~H is defined as H -> False.
Related
I have an axiom
Parameter set : Type.
Parameter IN : set->set->Prop.
Axiom AXIOM_OF_SUBSETS :
forall prop x, exists y, forall u,
IN u y <-> IN u x /\ (prop u)
.
Now I would like to build an empty set out of this, like
Definition EMPTYSET : set.
Check (AXIOM_OF_SUBSETS (fun _ : set => False) x).
The result of Check is:
AXIOM_OF_SUBSETS (fun _ : set => False) x
: exists y : set,
forall u : set, IN u y <-> IN u x /\ False
Is there a way to define an EMPTYSET in this situation?
I have found a very simple, but dangerous solution for this:
Just change Parameter set : Type. to Parameter set : Prop..
It worked well at least for axioms, lemmas and theorems that I have written so far.
Will this be the right way to resolve the issue for the rest of the program?
For the problem right above, refer to the https://github.com/coq/coq/wiki/Prop_or_Set .
I take it that you want to formalize Zermelo-Fraenkel set theory in Coq. There are two issues with your code:
In order to apply your axiom, you need to have some set lying around. (Your code mentions a variable x that is not defined anywhere.) One popular option is to combine the axiom of subsets with another axiom that guarantees the existence of some set, such as the axiom of infinity. If you go this way, you need to declare this axiom explicitly.
Coq does not allow the axiom of choice by default. As a result, it is not possible to extract a witness of an existence proof, and to define EMPTYSET based on the proof term you gave. You can solve this issue by either assuming the axiom of choice (check singleton_choice in Coq.Logic.ClassicalChoice (https://coq.github.io/doc/master/stdlib/Coq.Logic.ClassicalChoice.html)), or by slightly changing your formulation of your axiom to avoid the existential quantifier.
Axiom set : Type.
Axiom In : set -> set -> Prop.
Axiom comprehension : (set -> Prop) -> set -> set.
Axiom comprehension_spec :
forall prop x u, In u (comprehension prop x) <-> In u x /\ prop u.
Is there an easy way to prove the following in Coq such as using only assumptions?
(P -> (Q /\ R)) -> (~Q) -> ~P
The question is a bit vague... Do you wonder if it is possible (yes), what the answer is (see Arthur's comment above), or how to think about solving these problems?
In the latter case, remember that the goal is to create a "lambda-term" with the specified type. You can either use "tactics" which are helping you construct the term "from the outside and inwards. It is good to do it by hand a couple of times to understand what is going on and what the tactics really do, which I think is why you are given this exercise.
If you look at your example,
(P -> (Q /\ R)) -> (~Q) -> ~P
you can see that it is a function of three (!) arguments. It is because the last type ~P really means P -> False, so the types of the arguments to the function that you need to create are
P -> (Q /\ R)
Q -> False
P
and the function should construct a term of type
False
You can create a term fun A B C => _ where A, B, C has the types above, (this is what the tactic intros does), and you need to come up with a term that should go into the hole _ by combining the terms A, B, C and the raw gallina constructions.
In this case, when you have managed to create a term of type Q /\ R you will have to "destruct" it to get the term of type Q, (Hint: for that you will have to use the match construction).
Hope this helps without spoiling the fun!
I know excluded middle is impossible in the logic of construction. However, I am stuck when I try to show it in Coq.
Theorem em: forall P : Prop, ~P \/ P -> False.
My approach is:
intros P H.
unfold not in H.
intuition.
The system says following:
2 subgoals
P : Prop
H0 : P -> False
______________________________________(1/2)
False
______________________________________(2/2)
False
How should I proceed?
Thanks
What you are trying to construct is not the negation of LEM, which would say "there exists some P such that EM doesn't hold", but the claim that says that no proposition is decidable, which of course leads to a trivial inconsistency:
Axiom not_lem : forall (P : Prop), ~ (P \/ ~ P).
Goal False.
now apply (not_lem True); left.
No need to use the fancy double-negation lemma; as this is obviously inconsistent [imagine it would hold!]
The "classical" negation of LEM is indeed:
Axiom not_lem : exists (P : Prop), ~ (P \/ ~ P).
and it is not provable [otherwise EM wouldn't be admissible], but you can assume it safely; however it won't be of much utility for you.
One cannot refute the law of excluded middle (LEM) in Coq.
Let's suppose you proved your refutation of LEM. We model this kind of situation by postulating it as an axiom:
Axiom not_lem : forall (P : Prop), ~ (P \/ ~ P).
But then we also have a weaker version (double-negated) of LEM:
Lemma not_not_lem (P : Prop) :
~ ~ (P \/ ~ P).
Proof.
intros nlem. apply nlem.
right. intros p. apply nlem.
left. exact p.
Qed.
These two facts together would make Coq's logic inconsistent:
Lemma Coq_would_be_inconsistent :
False.
Proof.
apply (not_not_lem True).
apply not_lem.
Qed.
I'm coming from mathoverflow, but I don't have permission to comment on #Anton Trunov's answer. I think his answer is unjust, or at least incomplete: he hides the following "folklore":
Coq + Impredicative Set + Weak Excluded-middle -> False
This folklore is a variation of the following facts:
proof irrelevance + large elimination -> false
And Coq + Impredicative Set is canonical, soundness, strong normalization, So it is consistent.
Coq + Impredicative Set is the old version of Coq. I think this at least shows that the defense of the LEM based on double negative translation is not that convincing.
If you want to get information about the solutions, you can get it from here https://github.com/FStarLang/FStar/issues/360
On the other hand, you may be interested in the story of how Coq-HoTT+UA went against LEM∞...
=====================================================
Ok, let's have some solutions.
use command-line flag -impredicative-set, or the install old version(<8.0) of coq.
excluded-middle -> proof-irrelevance
proof-irrelevance -> False
Or you can work with standard coq + coq-hott.
install coq-hott
Univalence + Global Excluded-middle (LEM∞) -> False
It is not recommended that you directly click on the code in question without grasping the specific concept.
I skipped a lot about meta-theoretic implementations, such as Univalence not being computable in Coq-HoTT but only in Agda-CuTT, such as the consistency proof for Coq+Impredicative Set/Coq-HoTT.
However, metatheoretical considerations are important. If we just want to get an Anti-LEM model and don't care about metatheory, then we can use "Boolean-valued forcing" in coq to wreak havoc on things that only LEM can introduce, such as "every function about real set is continuous", Dedekind infinite...
But this answer ends there.
For some reason, my Coq file will not compile. I am using CoqIDE on Windows 10. When I use the Compile->Compile buffer tool, I get
On the other hand, when I use the Compile->Make tool, I get
The entire code for the file is given in the picture. It is also included below. Is there something it is missing? I looked high and low for some explanation of what was going on. All I found was this ominous statement from the Coq GitHub page:
"It is far from an easy task to compile Coq on Windows. Do not attempt unless you are a real Windows guru. If you need to work with non-released versions of Coq, or if you simply want to make your life easier, you may consider installing Coq into a virtualized Linux, as described below."
Module No1.
(*We first give the axioms of Principia
for the propositional calculus in *1.*)
Axiom MP1_1 : forall P Q : Prop,
(P -> Q)->P -> Q. (*Modus ponens*)
(*I did not bother with *1.11, which is
MP for propositions containing variables.*)
Axiom Taut1_2 : forall P : Prop,
P \/ P-> P. (*Tautology*)
Axiom Add1_3 : forall P Q : Prop,
Q -> Q \/ P. (*Addition*)
Axiom Perm1_4 : forall P Q : Prop,
P \/ Q -> Q \/ P. (*Permutation*)
Axiom Assoc1_5 : forall P Q R : Prop,
P \/ (Q \/ R) -> (P \/ Q) \/ R.
Axiom Sum1_6: forall P Q R : Prop,
(Q -> R) -> (Q \/ R -> P \/ R).
(*These are all the propositional axioms
of Principia Mathematica.*)
End No1.
Compiling a Coq program is verifying the proof. Often the compiled proof is never "run" like most other languages, it is just checked if it compiles, and it seems like your code does compile.
The message you found on Github is talking about compiling the Coq binaries, not a Coq source file like you are doing.
So I am still new to coq and MSets are giving me some issues. Here are two functions to compute whether an element is in a list or set, please let me know if you think the set_contains definition is correct or if there is a better way to do it. Thanks for any help.
Require Import MSets ZArith.
Module mset := MSetAVL.Make Positive_as_OT.
Notation pos_set := mset.t.
Definition set_contains (x : positive) (s : pos_set) :=
mset.mem x s.
Fixpoint list_contains (x : positive) (l : list positive) : bool :=
match l with
| nil => false
| y :: l' =>
if Pos.eqb x y then true
else nodelist_contains x l'
end.
Lemma nodelist_nodeset_contains :
forall x (s : pos_set),
(nodelist_contains x (mset.elements s)) = (nodeset_contains x s).
Proof.
induction s.
destruct list_contains.
destruct set_contains.
auto.
It seems that set_contains evaluates to true at the base case after the destructs and i'm not sure why. Would the set not be mset.empty during that stage of the proof?
I also do not know how to work with the mset.In, I have trouble with the base case of this proof, obviously I have the same problem. I want to eventually state:
Lemma nodelist_containsP :
forall x (l : pos_set),
reflect (mset.In x l) (nodeset_contains x l).
In case anyone is interested here is how I did this proof.
intros.
apply iff_reflect.
unfold nodeset_contains.
symmetry.
apply mset.mem_spec.
Qed.
list_contains and set_contains are functions so it does not make sense to try to destruct them. Coq tries to infer what you meant and guesses that you want to case on the value of an expression starting with list_contains and set_contains respectively.
This is not what you want. What you want is to observe the behaviour of the two functions on the same input. And you can do so by inspecting it.
This should send you in the right direction:
destruct s as [mset mset_isok].
induction mset.
+ unfold set_contains, mset.mem.
simpl.
reflexivity.
+ unfold list_contains, set_contains, mset.mem.
simpl.