Coq Tactics Index
Stage 1: Proving Easy Goals
reflexivity
assumption
discriminate
constructor
Stage 2: Transforming Your Goal
apply
subst
rewrite
simpl
cut
unfold
Stage 3: Breaking Apart Your Goal
Stage 4: Powerful Automatic Tactics
reflexivity
Use reflexivity
when your goal is to prove that something equals itself.
In this example we will prove that any term x
of type Set
is equal to itself. After we intro the variable we can prove the goal using reflexivity
.
Lemma everything_is_itself: forall x: Set, x = x. Proof. intro. reflexivity. Qed.
1 subgoal
x : Set
-----------(1/1)
x = x
Use it when: your goal is something like a = a
.
Advanced usage: reflexivity
will work even if your goal is not syntactically identical on the left and right side of the equality. Both sides just have to evaluate to the same term.
In this example we will apply reflexivity
to a more complicated math equation: (3 + (0 + 2)) = (1 + 4).
Inductive nat : Set := | O | S : nat -> nat. Fixpoint add (a: nat) (b: nat) : nat := match a with | O => b | S x => S (add x b) end. Lemma complex_math: (add (S (S (S O))) (add O (S (S O)))) = add (S O) (S (S (S (S O)))). Proof. reflexivity. Qed.
No more subgoals.
assumption
If the thing you are trying to prove is already in your context, use assumption
to finish the proof.
In this example we show that if we assume p
we can prove p
. We use assumption
to tell Coq that our goal is already true in our context because we assumed it!
Lemma everything_implies_itself: forall p: Prop, p -> p. Proof. intros. assumption. Qed.
1 subgoal
p : Prop
H : p
-----------(1/1)
p
Use it when: your goal is already in your "context" of terms you already know.
discriminate
If you have an equality in your context that isn't true, you can prove anything using discriminate
.
For discriminate
to work, the terms must be "structurally" different. This means that both terms are elements of an inductive set but they are built differently, using different constructors (e.g. true
and false
, or (S O)
and (S (S O))
).
In this example we show that if we assume true = false
then we can prove anything. Note that we don't specify what a
is, it really can be anything!
Inductive bool: Set := | true | false. Lemma incorrect_equality_implies_anything: forall a, false = true -> a. Proof. intros. discriminate. Qed.
1 subgoal a : Type H : false = true -----------(1/1) a
constructor
When your goal is to show that you can build up a term that has some type and you have a constructor to do just that, use constructor
!
In this example we will prove that two is even. First we say what it means for a number to be even. We define zero to be even, and the proof of that is the term even_O
. The next line says that if we can prove that n
is even than we can also prove that (S (S n))
(or n + 2
) is even.
To prove our lemma, we first call constructor
. Coq sees that our goal matches the rightmost side of a constructor (namely even_S
). Thus it transforms our goal into the left side of that constructor, so instead of proving that (S (S O))
is even now we only need to prove that O
is even. We use constructor
again and this time Coq sees that our goal matches the right side of a different constructor, even_O
. This constructor has no preconditions (since zero is defined to be even, gotta start somewhere) so we are done!
Inductive even : nat -> Prop:= | even_O: even O | even_S: forall n, even n -> even (S(S n)). Lemma two_is_even: even (S (S O)). Proof. constructor. constructor. Qed.
1 subgoal -----------(1/1) even O
Use it when: your goal matches the right side of a constructor for some type.
apply
If we have a hypothesis that says that x
implies y
, we know that to prove y
all we really have to do is prove x
. We can apply
that hypothesis to a goal of y
to transform it into x
.
In this example we prove modus ponens. We know that (p -> q)
and we want to prove q
so we can use apply
the hypothesis to transform the goal from q
into p
. Then we see that p
is already an assumption so we are done!
Lemma modus_ponens: forall p q : Prop, (p -> q) -> p -> q. Proof. intros. apply H. assumption. Qed.
1 subgoal p : Prop q : Prop H : p -> q H0 : p -----------(1/1) q
Use it when: you have a hypothesis where the conclusion (on the right of the arrow) is the same as your goal.
Advanced usage: If we know that x
implies y
and we know that x
is true, we can transform x
into y
in our context using apply
.
In this example we prove modus ponens again. We still have our hypothesis,
H: p -> q
This time we apply
it to a different hypothesis,
H0: p
to turn that hypothesis into q
.
Lemma modus_ponens_again: forall p q : Prop, (p -> q) -> p -> q. Proof. intros. apply H in H0. assumption. Qed.
1 subgoal p : Prop q : Prop H : p -> q H0 : p -----------(1/1) q
subst
If you know that an identifier (name for something) is equal to something else, you can use subst
to substitute the identifier for the other thing.
In this example we know that a = b
and we want to show b = a
. We can use subst
to transform the a
in the goal into a b
, so our goal becomes b = b
. Then we can finish the proof using reflexivity
.
Inductive bool: Set := | true | false. Lemma equality_commutes: forall (a: bool) (b: bool), a = b -> b = a. Proof. intros. subst. reflexivity. Qed.
1 subgoal a : bool b : bool H : a = b -----------(1/1) b = a
Use it when: you want to transform an identifier into an equivalent term.
rewrite
If we know two terms are equal we can transform one term into the other using rewrite
.
While rewrite
is similar to subst
, it also works when both sides of the equality are terms. An identity is just a name like x
, while a term can be more complex, like a function application: (f x)
.
In this example we prove that if we have a function f
and (f x) = (f y)
then (f y) = (f x)
. We use rewrite
to transform (f x)
in our goal into (f y)
and finish the proof using reflexivity
.
Inductive bool: Set := | true | false. Lemma equality_of_functions_commutes: forall (f: bool->bool) x y, (f x) = (f y) -> (f y) = (f x). Proof. intros. rewrite H. reflexivity. Qed.
1 subgoal f : bool -> bool x : bool y : bool H : f x = f y -----------(1/1) f y = f x
Use it when: you know two terms are equivalent and you want to transform one into the other.
Advanced usage: you can also apply rewrite
backwards, and to terms in your context.
Backwards
If we have the hypothesis
H : f x = f y
we can change our goal from f y
into f x
using rewrite
backwards:
rewrite <- H
In context
We can use rewrite H1 in H2
to transform one hypothesis using a different hypothesis.
In this example we prove that equality of function application is transitive. We can use either an in-context rewrite
or a backward rewrite
on the goal.
Inductive bool: Set := | true | false. Lemma equality_of_functions_transits: forall (f: bool->bool) x y z, (f x) = (f y) -> (f y) = (f z) -> (f x) = (f z). Proof. intros. rewrite H0 in H. (* or rewrite <- H0 *) assumption. Qed.
1 subgoal 1 subgoal f : bool -> bool x : bool y : bool z : bool H : f x = f y H0 : f y = f z -----------(1/1) f x = f z
simpl
When we have a complex term we can use simpl
to crunch it down.
In this example we prove that adding zero to any number returns the same number. We use simpl
to "run" the add
function in the goal. Since in the example the first argument to add
is O
, it simplifies the function application to just the result.
Inductive nat : Set := | O | S : nat -> nat. Fixpoint add (a: nat) (b: nat) : nat := match a with | O => b | S x => S (add x b) end. Lemma zero_plus_n_equals_n: forall n, (add O n) = n. Proof. intros. simpl. reflexivity. Qed.
1 subgoal n : nat -----------(1/1) add O n = n
cut
Sometimes to prove a goal you need an extra hypothesis. In this case, you can add the hypothesis using cut
. This allows you to first prove your goal using the new hypothesis, and then prove that the new hypothesis is also true.
In this example we will prove that if x = y
and y = z
then f x = f z
, for any function f
. This is related to transitivity. To prove the goal, we first add the intermediate proposition that x = z
. Then we have to prove that x = z
implies f x = f z
, and that x
is actually equal to z
.
Inductive bool: Set := | true | false. Lemma xyz: forall (f: bool->bool) x y z, x = y -> y = z -> f x = f z. Proof. intros. cut (x = z). - intro. subst. reflexivity. - subst. reflexivity. Qed.
2 subgoals f : bool -> bool x : bool y : bool z : bool H : x = y H0 : y = z ---------(1/2) x = z -> f x = f z ---------(2/2) x = z
Use it when: you want to add an intermediate hypothesis to your proof that will make the proof easier.
unfold
Sometimes you want to look inside a definition. You can use unfold
to change the definition into its right-hand side.
Definition inc (n : nat) : nat := n + 1.
Lemma foo_defn : forall n, inc n = S n.
Proof.
intros n.
(* This doesn't work because rewrite can't "see through" the definition: *)
Fail rewrite <- plus_n_Sm.
unfold inc.
(* Now it works! *)
rewrite <- plus_n_Sm.
rewrite <- plus_n_O.
reflexivity.
Qed.
Use it when: you want to replace a definition with its body.
destruct
We use destruct
to perform case analysis on a term.
If we have a term of some type but we don't know what the term actually is, we can use destruct
to examine all the possible options. It generates subgoals for each possible constructor that could have been used to construct the term. Then we prove the goal for each possibility.
In this example we show that if we negate a boolean twice, we get the same boolean back. We cannot prove this for a general b
but we use destruct
to prove it for any possible value of b
(true
or false
).
Inductive bool: Set := | true | false. Definition not (b: bool) : bool := match b with | true => false | false => true end. Lemma not_not_x_equals_x: forall b, not (not b) = b. Proof. intro. destruct b. - reflexivity. - reflexivity. Qed.
1 subgoal b : bool -----------(1/1) not (not b) = b
inversion
Sometimes you have a hypothesis that can't be true unless other things are also true. We can use inversion
to discover other necessary conditions for a hypothesis to be true.
In this example we prove that if the successors of a
and b
are equal then a
and b
are also equal. We assume that S a = S b
. However, this can only be true if a = b
because of how we construct nat
s. We use inversion
to make Coq analyze the ways it can construct a
and b
and it realizes that they must be equal and adds it to the context.
Inductive nat : Set := | O | S : nat -> nat. Lemma successors_equal_implies_equal: forall a b, S a = S b -> a = b. Proof. intros. inversion H. reflexivity. Qed.
1 subgoal a : nat b : nat H : S a = S b -----------(1/1) a = b
induction
If we want to prove a theorem using induction, we use induction
!
When we use induction
, Coq generates subgoals for every possible constructor of the term, similar to destruct
. However, for inductive constructors (like S x
for nat
s), you also get an inductive hypothesis to help you prove your goal.
In this example we prove that adding any number to zero gives you the same number. We perform induction on n
and get two cases.
If n
is O
then we know that (add O O)
is O
so we can use reflexivity. This is the base case.
For the inductive case we assume that the property holds for all numbers up to n
and we have to prove it for (S n)
(read: n+1
).
To prove this we run the add
function for one step using simpl
. This brings the S
outside the add
function and now we can rewrite
the goal using our inductive hypothesis. Then we use reflexivity
to finish the proof. Good ol' reflexivity
.
Inductive nat : Set := | O | S : nat -> nat. Fixpoint add (a: nat) (b: nat) : nat := match a with | O => b | S x => S (add x b) end. Lemma n_plus_zero_equals_n: forall n, (add n O) = n. Proof. induction n. - reflexivity. - simpl. rewrite IHn. reflexivity. Qed.
2 subgoals -----------(1/2) add O O = O -----------(2/2) add (S n) O = S n
auto
Sometimes a goal looks easy but you may be feeling lazy. Why not try auto
?
auto
will intro variables and hypotheses and then try applying various other tactics to solve the goal. Which other tactics does it try? Who knows man.
The good thing is that auto
can't fail. At worst it will leave your goal unchanged. So go wild!
In this example we'll prove modus tollens using just auto
!
Lemma modus_tollens: forall p q: Prop, (p->q) -> ~q -> ~p. Proof. auto. Qed.
No more subgoals.
Use it when: you think the goal is easy but you're feeling lazy.
intuition
If you thought auto
was good, intuition
is even better!
The intuition
tactic also intros
variables and hypotheses and applies tactics to them, including auto
. Sometimes it works when auto
doesn't.
In this example we'll prove that if we know the conjunction of p
and q
, we also know p
by itself. auto
can't solve the goal by itself but intuition
can.
Lemma conjunction_elimination: forall p q, p /\ q -> p. Proof. intuition. Qed.
No more subgoals.
Use it when: auto
doesn't work but you think it should be easy to prove.
omega
If you are trying to prove something "mathy" you should try the omega
tactic. It's good at reasoning about goals involving nats and integers.
In this example we'll prove that an odd number can never equal an even number using omega
.
Require Import ZArith. (* or Require Import Omega. *) Lemma odds_arent_even: forall a b: nat, 2*a + 1 <> 2*b. Proof. intros. omega. Qed.
No more subgoals.
Use it when: your goal has some math in it.