Introduction to the Coq Software for Type Theory Part 2: Tactics
So to continue from the last hub I made on the subject, I will here discuss proving statements in Coq from the axioms, functions and definitions you have established. The essential part here is the use of tactics, which allows us to rewrite statements or assert lemmas. As in the previous hub, the examples will be taken from an attempt to build Euclidean geometry in Coq. Let us start with an easy example.
A Simple Example
Theorem ASA_Congruence : Congruence (P,Q,R) (X,Y,Z).
Proof.
apply SSSImply.
apply ASA_imply_SSS.
Qed.
This is the last part of a longer proof stating that ASA( that is to say, two angles having to equal angles and one equal line between them) implies Congruence (that the same two triangles have all angles and lines equal) that I split up in several parts. At this point it has been proven that ASA implies SSS (all sides equal), and we have from axiom that SSS implies congruence. So now it is fairly straight forward.
The first line defines what the end goal is :
Theorem ASA_Congruence : Congruence (P,Q,R) (X,Y,Z).
We start with «Theorem», which states that is is a theorem which shall be proven. One might also use «Lemma». Next, we give the theorem a name, which is useful if we want to refer to it later. I gave this proof the name ASA_Congruence.
Then, after the :, we state what we shall prove. I had previously defined P,Q,R,X,Y,Z as having type point, and proven things around them. One might also have used intros here to generalize, which will be discussed later.
So (P,Q,R) and (X,Y,Z) makes two triangles defined by these points.
The next line, proof, simply states that writing out the proof follows.
Here is how Coq looks at this point. The green marker shows what has been checked and confirmed by Cow to be logical. Comparing to regular programming, you might say Coq can compile one line at a time, which is helpful.
The right upper side shows the goals, ie what we are trying to prove right now. At the line we are at, right at the beginning of the proof, it states congruence between the two triangles. The right lower side send messages to the user, for example if there is an error in the proof.
Now, the first line in the proof is
apply SSSImply.
“apply” states that this will prove the statement we are looking for. SSSImply states that triangles which have SSS also have Congruence. apply only works if the end goal of what we are proving matches with the end statement of what we are applying.
In this case, that is true. So now all we have to do is prove the assumptions of SSSImply, that is to say, that the triangles have SSS.
The screen now looks like this.
As you see, the green has gone one line down, and the goal has changed, now we are asked to prove SSS between the triangles. ASA_implies_SSS states exactly this, and so the proof is finished. We end with a Qed, which closes the proof and defines whatever we have proven, so that it can be used later.
Tactics
in this proof I only used apply, but there are other tactics. Here is a list of some tactics and their uses:
rewrite, is the tactic I use the most. It rewrites the subgoal according to some variable. Some of you might remember mirrorSym from my earlier post, which allows you to change the order of the points defining a triangle while still having the same triangle. By writing
rewrite mirrorSym.
I could have rewritten the the triangles in the subgoals. Often it suffices to write it like this, but sometimes you have to specify what you want rewritten, for example:
rewrite (mirrorSym (X,Y,Z)).
rewrite changes a subgoal, but does not prove it.
Then there is fold and unfold. At the second stage of the proof I was supposed to prove SSS between two triangles. I had a theorem ready for that, but otherwise I would have used unfold. Unfold will unfold a definition, for SSS that would mean that all the lines are equal, and so you would prove that instead. A related one is split, which allows us to split a goal into two smaller subgoals. unfold SSS would first have a product type we would have to prove, EqualLine*EqualLine*EqualLine. Split would then be applied twice to turn it into three EqualLine goals, which we can prove separately.
Fold does the opposite of unfold, it fold something into its definition.
assert lets you add a subgoal which might help you in the other proofs, for example
assert (H : EqualLine X Y).
This little lemma is after being proven called H, and you can use it later in the proof. This is especially useful if you have to use this fact several times.
Not exactly a tactic, I should mention Let. This lets you define a term, for example:
Let A : Angle := (CreateAngle X Y Z).
This means that A is defined as the angle centered in X. You may then fold (CreateAngle X Y Z) which makes things more orderly and is sometimes necessary, if you want to, for example unfold the definition of X (if it has one) but you do not wish the X in the angle to be affected.
Intro lets you get “examples” of what you want to prove. If you want to prove something for all cases of an object, (using forall as in the previous post), intro defines examples of those objects with the right properties, and proving it for the intros is the same as proving it for all objects of that type.
And finally, symmetry and reflexivity. You might remember that we have the identity function for all types, and that Coq says the identity function has symmetry and reflexivity. This is how you state that for Coq to understand, so if you goal is EqualPoint A A, you can simple state
reflexivity.
and the goal is finished. Symmetry changes the order of the two terms in an equality-goal.
These are the tactics I have used, although there are many more. These have however been enough to establish all I have proven so far in Euclidean geometry.
