
I wanted to see a few hands-on examples of Coq proofs of the form:

\exists A(x1,...,xn)

essentially where the Goal had an existential quantifier. I was having issues manipulating the goal in meaningful ways to make progress in my proof and wanted to see a few examples of common tactics to manipulate.

What are some good existential quantifiers examples in Coq to prove?


My specific example I had:

Theorem Big_Small_ForwardImpl   :
  forall (P : Program) (S' : State),
    (BigStepR (B_PgmConf P) (B_StateConf S')) -> (ConfigEquivR (S_PgmConf P) (S_BlkConf EmptyBlk S')).
Proof.
  intros.
  induction P.
  unfold ConfigEquivR.
  refine (ex_intro _ _ _) .

My context and goal were:

1 subgoal
l : list string
s : Statement
S' : State
H : BigStepR (B_PgmConf (Pgm l s)) (B_StateConf S')
______________________________________(1/1)
exists N : nat, NSmallSteps N (S_PgmConf (Pgm l s)) (S_BlkConf EmptyBlk S')

but then changed to:

1 subgoal
l : list string
s : Statement
S' : State
H : BigStepR (B_PgmConf (Pgm l s)) (B_StateConf S')
______________________________________(1/1)
NSmallSteps ?Goal (S_PgmConf (Pgm l s)) (S_BlkConf EmptyBlk S')

after using the refine (ex_intro _ _ _) tactic. Since I am not sure what is going on I was hoping some simpler examples could show me how to manipulate existential quantifiers in my Coq goal.


helpful comment:

The ?Goal was introduced by Coq as a placeholder for some N that will have to be deduced later in the proof.

Charlie Parker
  • The `?Goal` was introduced by Coq as a placeholder for some `N` that will have to be deduced later in the proof. You can see the same behavior when using the `eexists` tactic. – J-M. Gorius Dec 22 '18 at 18:23
  • @J-M.Gorius honestly, I have no idea how one comes up with such a `N`, the reason I was thinking that looking for a simpler example first would be easier than the one I am actually working on... – Charlie Parker Dec 22 '18 at 18:24
  • @J-M.Gorius thanks! I didn't know that's what it stood for. – Charlie Parker Dec 22 '18 at 18:25
  • It is often possible for Coq to automatically deduce a value for `?Goal` as the proof goes on. You can continue the proof as if `?Goal` was a well-defined value and let Coq do the "dirty work" behind the scenes. – J-M. Gorius Dec 22 '18 at 18:26
  • @J-M.Gorius perhaps this is why I need a simpler concrete example to work through this. I just can't imagine right now what I can even do to the goal...not sure if it's because it's a quantifier example or what is getting me stuck... – Charlie Parker Dec 22 '18 at 18:29
  • I added an example in the form of an answer as it would not fit in a comment. – J-M. Gorius Dec 22 '18 at 18:44
  • @J-M.Gorius I went through the `eexists` documentation and it doesn't really make sense to me. What is that doing? – Charlie Parker Dec 26 '18 at 01:43
  • This might be relevant for a new question. – J-M. Gorius Dec 26 '18 at 10:14

1 Answer

The following example is based on the code provided in this answer.

Suppose we have a type T and a binary relation R on elements of type T. For the purpose of this example, we can define those as follows.

Variable T : Type.
Variable R : T -> T -> Prop.

Let us prove the following simple theorem.

Theorem test : forall x y, R x y -> exists t, R x t.

Here is a possible solution.

Proof.
  intros. exists y. apply H.
Qed.

Instead of explicitly specifying that y is the element we are looking for, we can rely on Coq's powerful automatic proof mechanisms in order to automatically deduce which variable satisfies R x t:

Proof.
  intros.
  eexists. (* Introduce a temporary placeholder of the form ?t *)
  apply H. (* Coq can deduce from the hypothesis H that ?t must be y *)
Qed.

There exist numerous tactics that make use of the same automated deduction mechanisms, such as eexists, eapply, eauto, etc.

Note that their names often correspond to usual tactics prefixed with an e.

J-M. Gorius
  • how do you know to use `eexists` and not some other `eTACTIC`? – Charlie Parker Dec 26 '18 at 01:57
  • The reasoning behind using `eexists` might be as follows: "I know that I have to prove that there *exists* some `t` satisfying `R x t`, but it may be cumbersome to specify it. I will let Coq introduce a temporary existential variable and let it do the work." In essence, I *know* that such a `t` has to exist, but I do not bother explicitly specifying it. I specifically use `eexists` because what I want to do is prove the *existence* of `t`. – J-M. Gorius Dec 26 '18 at 10:11
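
The `exists N, NSmallSteps N ...` goal from the question has the same shape as the toy below, which shows the witness being deferred, taken from a hypothesis, and built by induction. This is an added example, not code from the question or the answer; `step`, `nsteps` and the lemma names are constructed for illustration.

```coq
(* Constructed toy semantics: one step decrements a counter. *)
Inductive step : nat -> nat -> Prop :=
  | step_dec : forall n, step (S n) n.

(* nsteps k a b: a reaches b in exactly k steps (stand-in for NSmallSteps). *)
Inductive nsteps : nat -> nat -> nat -> Prop :=
  | ns_refl : forall c, nsteps 0 c c
  | ns_cons : forall k c1 c2 c3,
      step c1 c2 -> nsteps k c2 c3 -> nsteps (S k) c1 c3.

(* Deferred witness: eexists (same effect as refine (ex_intro _ _ _))
   leaves ?N, and each eapply refines it: ?N := S ?k, and so on. *)
Lemma three_to_zero : exists N, nsteps N 3 0.
Proof.
  eexists.                          (* nsteps ?N 3 0 *)
  eapply ns_cons. apply step_dec.   (* nsteps ?k 2 0 *)
  eapply ns_cons. apply step_dec.
  eapply ns_cons. apply step_dec.
  apply ns_refl.                    (* last evar := 0, so ?N = 3 *)
Qed.

(* Witness taken from a hypothesis: destruct BEFORE eexists. An evar can
   only be filled with variables that existed when it was created, so
   running eexists first would make `exact Hm` fail. *)
Lemma one_more : forall a b,
  (exists m, nsteps m a b) -> exists N, nsteps N (S a) b.
Proof.
  intros a b [m Hm].
  eexists. eapply ns_cons.
  - apply step_dec.
  - exact Hm.                       (* ?k := m, so ?N = S m *)
Qed.

(* Induction with an existential goal: open the IH, name the witness. *)
Lemma any_to_zero : forall n, exists N, nsteps N n 0.
Proof.
  induction n as [| n [k IH]].
  - exists 0. apply ns_refl.
  - exists (S k). eapply ns_cons.
    + apply step_dec.
    + exact IH.
Qed.
```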