问题
I was trying out the examples from the Coq documentation Software Foundations (http://www.cis.upenn.edu/~bcpierce/sf/current/Induction.html#lab40) when I noticed that to solve the example give in the link:
Theorem andb_true_elim1 : ∀b c : bool,
andb b c = true → b = true.
Proof.
intros b c H.
destruct b.
Case "b = true". (* <----- here *)
reflexivity.
Case "b = false". (* <---- and here *)
rewrite ← H.
reflexivity.
Qed.
we are destructing b which appears on the left of c for "andb". However to do the exercise that follows in the book i.e.
Theorem andb_true_elim2 : ∀b c : bool,
andb b c = true → c = true.
Proof.
(* FILL IN HERE *) Admitted.
I found the same method does not help. "reflexivity" did not help which I assume is due to the position of 'b' in the subgoal. Eventually I completed the proof in the following manner:
Theorem andb_true_elim2 : forall b c:bool,
andb b c = true -> c = true.
Proof.
intros b c H.
destruct c.
Case "c=true".
reflexivity.
Case "c=false".
rewrite <- H.
destruct b.
reflexivity.
reflexivity.
Qed.
Can someone explain why the above code worked and the following dint?
Theorem andb_true_elim2 : forall b c:bool,
andb b c = true -> c = true.
Proof.
intros b c H.
destruct c.
Case "c=true".
reflexivity.
Case "c=false".
rewrite <- H.
reflexivity.
回答1:
The reason the last proof doesn't work is the way andb defined and the way Coq simplifies such definitions (reflexivity performs some simplifications in the goal).
Here is the definition of andb in Coq.
Definition andb (b1 b2:bool) : bool := if b1 then b2 else false.
Notice that we make decision basing on the first parameter. So, when you use destruct on the first argument and then use reflexivity, you allow Coq to reduce andb b c (to false or to c).
Because of the unsymmetrical definition of andb, case analysis on the second argument doesn't work, since Coq can't reduce the if expression in the function's body.
来源:https://stackoverflow.com/questions/37214005/using-reflexivity-in-coq