Coq: a vicious circle with two identical subgoals

Question

Sorry for overcomplicated example. I have

Lemma test : forall x y z : Prop,
 (
     (((x → (y ∨ z)) → (x ∨ y)) ↔ (x ∨ y))
   ∧ (((y → (x ∨ z)) → (x ∨ y)) ↔ (x ∨ y))
   ∧  ((y → (x ∨ z)) → (x ∨ (x → (y ∨ z))))
   ∧  ((x → (y ∨ z)) → (y ∨ (y → (x ∨ z))))
  )  → ((x → (y ∨ z)) → (y ∨ z)).

Doing

Proof.
  intros.
  destruct H.
  destruct H1.
  destruct H2.
  pose proof (H3 H0).

gives

1 goal
x, y, z : Prop
H : ((x → y ∨ z) → x ∨ y) ↔ x ∨ y
H1 : ((y → x ∨ z) → x ∨ y) ↔ x ∨ y
H2 : (y → x ∨ z) → x ∨ (x → y ∨ z)
H3 : (x → y ∨ z) → y ∨ (y → x ∨ z)
H0 : x → y ∨ z
H4 : y ∨ (y → x ∨ z)
______________________________________(1/1)
y ∨ z

I then do destruct H4. and this gives

2 goals
x, y, z : Prop
H : ((x → y ∨ z) → x ∨ y) ↔ x ∨ y
H1 : ((y → x ∨ z) → x ∨ y) ↔ x ∨ y
H2 : (y → x ∨ z) → x ∨ (x → y ∨ z)
H3 : (x → y ∨ z) → y ∨ (y → x ∨ z)
H0 : x → y ∨ z
H4 : y
______________________________________(1/2)
y ∨ z
______________________________________(2/2)
y ∨ z

which I already don't understand: why two identical goals?? I then do left. and obtain

2 goals
x, y, z : Prop
H : ((x → y ∨ z) → x ∨ y) ↔ x ∨ y
H1 : ((y → x ∨ z) → x ∨ y) ↔ x ∨ y
H2 : (y → x ∨ z) → x ∨ (x → y ∨ z)
H3 : (x → y ∨ z) → y ∨ (y → x ∨ z)
H0 : x → y ∨ z
H4 : y
______________________________________(1/2)
y
______________________________________(2/2)
y ∨ z

and then assumption. gives

1 goal
x, y, z : Prop
H : ((x → y ∨ z) → x ∨ y) ↔ x ∨ y
H1 : ((y → x ∨ z) → x ∨ y) ↔ x ∨ y
H2 : (y → x ∨ z) → x ∨ (x → y ∨ z)
H3 : (x → y ∨ z) → y ∨ (y → x ∨ z)
H0 : x → y ∨ z
H4 : y → x ∨ z
______________________________________(1/1)
y ∨ z

Then doing

pose proof (H3 H0).
destruct H5.
left.
assumption.

introduces two identical goals again, and brings me to

1 goal
x, y, z : Prop
H : ((x → y ∨ z) → x ∨ y) ↔ x ∨ y
H1 : ((y → x ∨ z) → x ∨ y) ↔ x ∨ y
H2 : (y → x ∨ z) → x ∨ (x → y ∨ z)
H3 : (x → y ∨ z) → y ∨ (y → x ∨ z)
H0 : x → y ∨ z
H4, H5 : y → x ∨ z
______________________________________(1/1)
y ∨ z

which is identical to a previous state except that I now have two identical premises y → x ∨ z.

I am stuck. Obviously I am doing something wrong, but what?

Can I also advertise that coq has a zulip chat: https://coq.zulipchat.com/ where you can ask any question you like and get feedback from the right people. SO is a bit isolated in some sense. The answer you have at the moment if fine, but if you have any further questions, best to ask on zulip. — Ali Caglayan, Nov 28 '21 at 09:16

score 4 · Answer 1 · answered Nov 28 '21 at 07:33

4

Let us start with your first question. Actually, the two goals that were generated after destruct are not the same. Their conclusions are indeed both y \/ z, but their premises differ: the first one has H4 : y, while the second one has H4 : y -> x \/ z. More generally, if you have a goal of the form

(* ... *)
H : A \/ B
------------
 C

and you do destruct H as [H1 | H2]., you generate the subgoals

(* ... *)
H1 : A
-----------
  C

and

(* ... *)
H2 : B
------------
  C

with identical conclusions.

As for your second question, the issue is probably that you calling pose proof (H3 H0) twice. If you go through your script, you will notice that the hypotheses introduced by that tactic are the same on both calls: y \/ (y -> x \/ z). I suspect that you should have H2 H4 on the second call instead of H3 H0, though I haven't checked.

A final comment: you should letting Coq pick up the names of hypotheses for you, as this leads to unmaintainable proof scripts (see here). Whenever possible, you should use forms such as destruct H as [H1 | H2] instead of destruct H.

answered Nov 28 '21 at 07:33

Arthur Azevedo De Amorim

23,012
3
33
39

Thanks a lot for the explanation! I learned something important from your answer but I still do not understand something essential: how do I keep track of which subgoals correspond to which premises? All I see is a list of premises and a list of subgoals, and I cannot say which premises belong to them. – მამუკა ჯიბლაძე Nov 28 '21 at 09:27
As for your suggestion - I do not see how `pose proof (H2 H4)` would help at that point, since it would give `x \/ (x -> y \/ z)`, while by then I already have `x -> y \/ z`. – მამუკა ჯიბლაძე Nov 28 '21 at 09:29
On the afterthought - but I now realize I also have to agree that doing `pose proof (H3 H0)` at that point is equally useless by the same reason I said: it gives `y \/ (y -> x \/ z)` while I already have `y -> x \/ z` – მამუკა ჯიბლაძე Nov 28 '21 at 14:16
1

The list of hypothesis only applies to the first goal. If you type `admit`, the first goal will be placed momentarily on hold, and the second goal will come into focus. At this point the hypothesis match the second goal. I guess this can be confusing. You should look into [using bullets to manage your goals](https://coq.inria.fr/refman/proofs/writing-proofs/proof-mode.html#bullets). – Ana Borges Nov 28 '21 at 20:59
@ana-borges Aha thanks a lot, this is very useful! – მამუკა ჯიბლაძე Nov 28 '21 at 22:38
@მამუკაჯიბლაძე Oh, I see! Yeah, `H2 H4` might not be the way to go, then... I am afraid I don't have a good enough intuition to see easily how to proceed here. :/ – Arthur Azevedo De Amorim Nov 29 '21 at 00:51

Meven Lennon-Bertrand · Accepted Answer · 2021-11-29T15:44:34.880

This is not only an issue about tactics or understanding how Coq works: your goal is false, as the following demonstrates.

Lemma test : ~ forall x y z : Prop,
 (
     (((x -> (y \/ z)) -> (x \/ y)) <-> (x \/ y))
   /\ (((y -> (x \/ z)) -> (x \/ y)) <-> (x \/ y))
   /\  ((y -> (x \/ z)) -> (x \/ (x -> (y \/ z))))
   /\  ((x -> (y \/ z)) -> (y \/ (y -> (x \/ z))))
  )  -> ((x -> (y \/ z)) -> (y \/ z)).
Proof.
  intros H.
  specialize (H False False False).
  firstorder.
Qed.

In other words, if x, y and z are taken to be False, then all premises to your lemma are valid, but its conclusion does not.

[Edit: How I discovered this] I first tried the firstorder tactic (a decision procedure for such first-order goals) and found that it was not terminating, which got me suspicious. Then I turned to the corresponding goal boolean (using the ssreflect/ssrbool packages), where I could use case splits on x, y and z + computation to check whether the lemma held. Finding out that when the three of them were false the goal reduced to false, I had my counter-example, and then simply turned that back into a propositional counter-example.

Thanks! You saved me of further efforts. Still a question remains, how could Coq help to discover what you found by clever insight. — მამუკა ჯიბლაძე, Nov 29 '21 at 14:23
Added an edit. The conclusion is: computation/automation is wonderful if you leverage it! — Meven Lennon-Bertrand, Nov 29 '21 at 15:45

Coq: a vicious circle with two identical subgoals

2 Answers2