Non-empty list append theorem in Coq












4















I am trying to prove the following lemma in Coq:



Require Import Lists.List.

Import ListNotations.

Lemma not_empty : forall (A : Type) (a b : list A),

    (a <>  / b <> ) -> a ++ b <> .


Right now my current strategy was to destruct on a, and after breaking the disjunction I could ideally just state that if a <> then a ++ b must also be <> ... That was the plan, but I can't seem to get past a subgoal that resembles the first " a ++ b <> ", even when my context clearly states that " b <> ". Any advice?



I've also looked through a lot of the pre-existing list theorems and haven't found anything particularly helpful (minus app_nil_l and app_nil_r, for some subgoals).






ocaml coq theorem-proving coq-tactic formal-verification







share|improve this question

























  • "apply app_eq_nil" should be useful. When you have a goal "a <> b" you can use "intro" to show that "a = b" lead to a contradiction.

    – Boris E.
    Nov 20 '18 at 8:01











  • Could you please show us the proof script you have so far.

    – Julien
    Nov 22 '18 at 10:17
















4















I am trying to prove the following lemma in Coq:



Require Import Lists.List.

Import ListNotations.

Lemma not_empty : forall (A : Type) (a b : list A),

    (a <>  / b <> ) -> a ++ b <> .


Right now my current strategy was to destruct on a, and after breaking the disjunction I could ideally just state that if a <> then a ++ b must also be <> ... That was the plan, but I can't seem to get past a subgoal that resembles the first " a ++ b <> ", even when my context clearly states that " b <> ". Any advice?



I've also looked through a lot of the pre-existing list theorems and haven't found anything particularly helpful (minus app_nil_l and app_nil_r, for some subgoals).






ocaml coq theorem-proving coq-tactic formal-verification







share|improve this question

























  • "apply app_eq_nil" should be useful. When you have a goal "a <> b" you can use "intro" to show that "a = b" lead to a contradiction.

    – Boris E.
    Nov 20 '18 at 8:01











  • Could you please show us the proof script you have so far.

    – Julien
    Nov 22 '18 at 10:17














4












4








4


1






I am trying to prove the following lemma in Coq:



Require Import Lists.List.

Import ListNotations.

Lemma not_empty : forall (A : Type) (a b : list A),

    (a <>  / b <> ) -> a ++ b <> .


Right now my current strategy was to destruct on a, and after breaking the disjunction I could ideally just state that if a <> then a ++ b must also be <> ... That was the plan, but I can't seem to get past a subgoal that resembles the first " a ++ b <> ", even when my context clearly states that " b <> ". Any advice?



I've also looked through a lot of the pre-existing list theorems and haven't found anything particularly helpful (minus app_nil_l and app_nil_r, for some subgoals).






ocaml coq theorem-proving coq-tactic formal-verification







share|improve this question
















I am trying to prove the following lemma in Coq:



Require Import Lists.List.

Import ListNotations.

Lemma not_empty : forall (A : Type) (a b : list A),

    (a <>  / b <> ) -> a ++ b <> .


Right now my current strategy was to destruct on a, and after breaking the disjunction I could ideally just state that if a <> then a ++ b must also be <> ... That was the plan, but I can't seem to get past a subgoal that resembles the first " a ++ b <> ", even when my context clearly states that " b <> ". Any advice?



I've also looked through a lot of the pre-existing list theorems and haven't found anything particularly helpful (minus app_nil_l and app_nil_r, for some subgoals).






ocaml coq theorem-proving coq-tactic formal-verification




ocaml coq theorem-proving coq-tactic formal-verification






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 22 '18 at 14:06









Julien

3527




3527










asked Nov 20 '18 at 0:48









AkhilAkhil

212




212













  • "apply app_eq_nil" should be useful. When you have a goal "a <> b" you can use "intro" to show that "a = b" lead to a contradiction.

    – Boris E.
    Nov 20 '18 at 8:01











  • Could you please show us the proof script you have so far.

    – Julien
    Nov 22 '18 at 10:17



















  • "apply app_eq_nil" should be useful. When you have a goal "a <> b" you can use "intro" to show that "a = b" lead to a contradiction.

    – Boris E.
    Nov 20 '18 at 8:01











  • Could you please show us the proof script you have so far.

    – Julien
    Nov 22 '18 at 10:17

















"apply app_eq_nil" should be useful. When you have a goal "a <> b" you can use "intro" to show that "a = b" lead to a contradiction.

– Boris E.
Nov 20 '18 at 8:01





"apply app_eq_nil" should be useful. When you have a goal "a <> b" you can use "intro" to show that "a = b" lead to a contradiction.

– Boris E.
Nov 20 '18 at 8:01













Could you please show us the proof script you have so far.

– Julien
Nov 22 '18 at 10:17





Could you please show us the proof script you have so far.

– Julien
Nov 22 '18 at 10:17












3 Answers
3






active

oldest

votes


















2














first, I am not sure which Coq version you are using, the syntax certainly looks odd. Seconds, it is hard for us to help if you don't show us the proof you have so far. I should say that indeed your strategy seems correct, you should destruct both lists, tho it is better if you first inspect the or to see which list is not empty.



Another option is to use computation to show your lemma, in this case, equality will compute and thus you will get the result of the comparison. It suffices to destroy only one list in this case due the order or arguments:



From mathcomp Require Import all_ssreflect.



Lemma not_empty (A : eqType) (a b : seq A) :

  [|| a != [::] | b != [::]] -> a ++ b != [::].

Proof. by case: a. Qed.





share|improve this answer































    2














    You started the right way with your destruct a.



    You should end up at some point with a0::a++b<>0. It ressembles a++b<>0 but it is quite different as you have a cons here, thus discriminate knows that it is different from nil.






    share|improve this answer































      2














      Starting with destruct a is a good idea indeed.



      For the case where a is Nil, you should destruct the (a <> / b <> ) hypothesis. There will be two cases:




      • the right one the hypothesis <> is a contradiction,

      • the left one, the hypothesis b <> is your goal (since a = )


      For the case where a is a :: a0, you should use discriminate as Julien said.






      share|improve this answer























        Your Answer






        StackExchange.ifUsing("editor", function () {
        StackExchange.using("externalEditor", function () {
        StackExchange.using("snippets", function () {
        StackExchange.snippets.init();
        });
        });
        }, "code-snippets");

        StackExchange.ready(function() {
        var channelOptions = {
        tags: "".split(" "),
        id: "1"
        };
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function() {
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled) {
        StackExchange.using("snippets", function() {
        createEditor();
        });
        }
        else {
        createEditor();
        }
        });

        function createEditor() {
        StackExchange.prepareEditor({
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: true,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: 10,
        bindNavPrevention: true,
        postfix: "",
        imageUploader: {
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        },
        onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        });


        }
        });














        draft saved

        draft discarded


















        StackExchange.ready(
        function () {
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53384688%2fnon-empty-list-append-theorem-in-coq%23new-answer', 'question_page');
        }
        );

        Post as a guest















        Required, but never shown

























        3 Answers
        3






        active

        oldest

        votes








        3 Answers
        3






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        2














        first, I am not sure which Coq version you are using, the syntax certainly looks odd. Seconds, it is hard for us to help if you don't show us the proof you have so far. I should say that indeed your strategy seems correct, you should destruct both lists, tho it is better if you first inspect the or to see which list is not empty.



        Another option is to use computation to show your lemma, in this case, equality will compute and thus you will get the result of the comparison. It suffices to destroy only one list in this case due the order or arguments:



        From mathcomp Require Import all_ssreflect.
        

        
Lemma not_empty (A : eqType) (a b : seq A) :
        
  [|| a != [::] | b != [::]] -> a ++ b != [::].
        
Proof. by case: a. Qed.





        share|improve this answer




























          2














          first, I am not sure which Coq version you are using, the syntax certainly looks odd. Seconds, it is hard for us to help if you don't show us the proof you have so far. I should say that indeed your strategy seems correct, you should destruct both lists, tho it is better if you first inspect the or to see which list is not empty.



          Another option is to use computation to show your lemma, in this case, equality will compute and thus you will get the result of the comparison. It suffices to destroy only one list in this case due the order or arguments:



          From mathcomp Require Import all_ssreflect.
          

          
Lemma not_empty (A : eqType) (a b : seq A) :
          
  [|| a != [::] | b != [::]] -> a ++ b != [::].
          
Proof. by case: a. Qed.





          share|improve this answer


























            2












            2








            2







            first, I am not sure which Coq version you are using, the syntax certainly looks odd. Seconds, it is hard for us to help if you don't show us the proof you have so far. I should say that indeed your strategy seems correct, you should destruct both lists, tho it is better if you first inspect the or to see which list is not empty.



            Another option is to use computation to show your lemma, in this case, equality will compute and thus you will get the result of the comparison. It suffices to destroy only one list in this case due the order or arguments:



            From mathcomp Require Import all_ssreflect.
            

            
Lemma not_empty (A : eqType) (a b : seq A) :
            
  [|| a != [::] | b != [::]] -> a ++ b != [::].
            
Proof. by case: a. Qed.





            share|improve this answer













            first, I am not sure which Coq version you are using, the syntax certainly looks odd. Seconds, it is hard for us to help if you don't show us the proof you have so far. I should say that indeed your strategy seems correct, you should destruct both lists, tho it is better if you first inspect the or to see which list is not empty.



            Another option is to use computation to show your lemma, in this case, equality will compute and thus you will get the result of the comparison. It suffices to destroy only one list in this case due the order or arguments:



            From mathcomp Require Import all_ssreflect.
            

            
Lemma not_empty (A : eqType) (a b : seq A) :
            
  [|| a != [::] | b != [::]] -> a ++ b != [::].
            
Proof. by case: a. Qed.






            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 21 '18 at 1:54









            ejgallegoejgallego

            5,3541925




            5,3541925

























                2














                You started the right way with your destruct a.



                You should end up at some point with a0::a++b<>0. It ressembles a++b<>0 but it is quite different as you have a cons here, thus discriminate knows that it is different from nil.






                share|improve this answer




























                  2














                  You started the right way with your destruct a.



                  You should end up at some point with a0::a++b<>0. It ressembles a++b<>0 but it is quite different as you have a cons here, thus discriminate knows that it is different from nil.






                  share|improve this answer


























                    2












                    2








                    2







                    You started the right way with your destruct a.



                    You should end up at some point with a0::a++b<>0. It ressembles a++b<>0 but it is quite different as you have a cons here, thus discriminate knows that it is different from nil.






                    share|improve this answer













                    You started the right way with your destruct a.



                    You should end up at some point with a0::a++b<>0. It ressembles a++b<>0 but it is quite different as you have a cons here, thus discriminate knows that it is different from nil.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Nov 22 '18 at 10:18









                    JulienJulien

                    3527




                    3527























                        2














                        Starting with destruct a is a good idea indeed.



                        For the case where a is Nil, you should destruct the (a <> / b <> ) hypothesis. There will be two cases:




                        • the right one the hypothesis <> is a contradiction,

                        • the left one, the hypothesis b <> is your goal (since a = )


                        For the case where a is a :: a0, you should use discriminate as Julien said.






                        share|improve this answer




























                          2














                          Starting with destruct a is a good idea indeed.



                          For the case where a is Nil, you should destruct the (a <> / b <> ) hypothesis. There will be two cases:




                          • the right one the hypothesis <> is a contradiction,

                          • the left one, the hypothesis b <> is your goal (since a = )


                          For the case where a is a :: a0, you should use discriminate as Julien said.






                          share|improve this answer


























                            2












                            2








                            2







                            Starting with destruct a is a good idea indeed.



                            For the case where a is Nil, you should destruct the (a <> / b <> ) hypothesis. There will be two cases:




                            • the right one the hypothesis <> is a contradiction,

                            • the left one, the hypothesis b <> is your goal (since a = )


                            For the case where a is a :: a0, you should use discriminate as Julien said.






                            share|improve this answer













                            Starting with destruct a is a good idea indeed.



                            For the case where a is Nil, you should destruct the (a <> / b <> ) hypothesis. There will be two cases:




                            • the right one the hypothesis <> is a contradiction,

                            • the left one, the hypothesis b <> is your goal (since a = )


                            For the case where a is a :: a0, you should use discriminate as Julien said.







                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered Nov 22 '18 at 15:42









                            BrunoBruno

                            234




                            234






























                                draft saved

                                draft discarded




















































                                Thanks for contributing an answer to Stack Overflow!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid



                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.


                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function () {
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53384688%2fnon-empty-list-append-theorem-in-coq%23new-answer', 'question_page');
                                }
                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                Popular posts from this blog

                                MongoDB - Not Authorized To Execute Command

                                Image
                                .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so: "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID("a1d5bc0d-bc58-485e-b232-270758a89455") }, $db: "admin...
                                Read more

                                How to fix TextFormField cause rebuild widget in Flutter

                                Image
                                .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I've got the same issue at #9280. I tried all solutions from that topic with/without GlobalKey for Scaffold and Form but the problem wasn't fixed. I tried to build a authentication form with login and signup. But the keyboard doesn't show when I tap the TextFormField at the first time. Then I try to input some letter from physical keyboard, the widget is rebuilt. Like this: login screen Nothing to be log when I run flutter run --verbose, so I logged manually. Every tapping on field, the widget called dispose -> init -> build. [√] Flutter (Channel beta, v1.0.0, on Microsoft Windows [Version 10.0.17763.195], ...
                                Read more

                                in spring boot 2.1 many test slices are not allowed anymore due to multiple @BootstrapWith

                                Image
                                1 I tried to upgrade a yummy sandwich made of two test slices (@JsonTest and @JdbcTest in my case, crunchy test code in between) adding spring boot 2.1 flavour to it. But it seems it was not much of a success. I cannot annotate my tests with many @...Test since they are now each bringing their own XxxTestContextBootstrapper. It used to work when they all used same SpringBootTestContextBootstrapper. @RunWith(SpringRunner.class) @JdbcTest @JsonTest public class Test { @Test public void test() { System.out.printn("Hello, World !"); } } The error I get from BootstrapUtils is illegalStateException : Configuration error: found multiple declarations of @BootstrapWith for test class I understand I might be doing something wrong here but is there an easy way I could load both Json and Jdbc contex...
                                Read more